The interaction code flow supposedly does not require redirecting to Okta for authentication. How come the guide suggests I need to add a sign-in redirect uri to my app’s config which Okta will use to redirect to? If I never redirected to Okta in the first place, why would it need to know where to go back to?Implement authorization by grant type | Okta Developer
Turns out we do but for a perplexing reason:
If I only select Interaction Code as a grant type I get the following error: 'grant_types' must contain at least one of [implicit, authorization_code] when 'null' contains 'browser'.
Then, if I do as the guide listed in my first post suggests and select “Refresh Token” in addition to “Interaction Code” I no longer get the above error, but instead get:
At least one redirect URI is required when using the Authorization Code or Implicit grant types.
Perplexing because I don’t have Authorization Code or Implicit grant types selected. And I got to that point without having to add either of those two grant types as the first error message implied I needed to do.