Handling response from self hosted widget in PHP

Using the self hosted widget in my Symfony application it will successfully go to Okta and authenticate the user. In the response to the redirect where I’m trying to authenticate the user server side I see a code and a state value. How do I get an access token from these?

Check out this section of our guide for Authorization Code flow and how to make the subsequent /token request (in which you pass the auth code you got back at your provided redirect_uri) to get tokens for a user: Implement authorization by grant type | Okta Developer.

PS, if your widget is currently configured to use pkce auth (which is enabled by default) you may want to disable this as that is a better fit for SPA integrations (example config can be found in our docs here)