How to retrieve Authorization Code using session Token

Hi All,

Before Posting, I have gone through okta documents about redirect URIs but I still need some clarification.
I have an application where we are building a whole new custom login page (Not using OKTA widget). We have our users available in Okta and we are planning to use OKTA backend APIs for authentication. As per okta documents, Once the user clicks login after entering credentials , I have to first get the session token and then authroization code and then finally access token. I was able to get the session token using the API but I dont know how to get authroization code. the document says the authroization code will be sent to the redirect URI. I dont have any idea how to retireve the authroization code using redirect URI. Lets say I have my application running on http://localhost:3006/login.

On click of login, I make api call to OKTA to get session token and then I have to make another api call to Authroize end point using the session token, will i receive the authroization code as part of response or do I need to do something else to retrieve the token?? As I am relatively new to OKTA I am completely clueless on how to retrieve the authroization code from OKTA and I am stuck. Any help would be greatly appreciated. Thanks in Advance !!!

If you create an authorization server you will get a metadata URI which includes the auth endpoint where you would request the code:

Hi Govner,

This is the point I am getting really confused. Please note that I have already gone through the documents which you shared. please shed some light on my below question.

  1. I have a custom login page with two fields username and password
  2. My authorization server name is default
  3. My redirect URI is http://localhost:3000

When i give username and password and click submit, I make api call to below endpoint and I was able to successfully get the session token.

After that in order to get the authentication code, I am making another API call to below end point passing all the required query parameters including redirect URI.

After making the call I am not getting the authroization code as part of response .
I understand from the okta docs that the code will be sent to the redirect URI but how am i suppose to get the code from the redirect URI ??.
I make an API call and I am expecting the authorization code as part of response to API call . If it is sent to localhost://3000 , there is no way for me to retrieve the code unless I am missing something.

Please explain !!!

Hi All,

Can anyone help me in the right direction on how to get the authorization code.
Currently what I am doing is , I am getting the session token and after that I am going to chrome browser and putting below URL and I could see the authroization code along with the redirect URI in the browser address bar. But I need to know how to get the code from API call instead of manually going to browser Thanks !!!

Authorization Code Endpoint

Hi @moses2489

You would need to do an http request (eg. through cURL) to with all the query parameters that your apps has (client_id=your app’s client ID, response_type=code, response_mode=query, state, nonce, etc.) and pass also sessionToken as query parameter as mentioned here.

This HTTP request would need to be able to follow the redirect back to your callback endpoint. Once the request reaches your Okta endpoint, you can take the code and pass it back to Okta as mentioned here to retrieve the JWTs.

Hi Dragos,

This is the part where I am really confused. Below is my exact code snippet, I am trying to get the redirect URL using the below code and all I am getting in the response is a html code of my redirect URL . I am getting the point of follow the URL and get the code. But can you please explain how to follow the URL or at least tell me whats wrong in my below code.

const options = {
    followAllRedirects: false,
    method: 'GET',
    uri: '',
    qs: {
    headers: {
        'Accept':"application/json" ,
        'Content-Type': "application/json"

  .then(function (response) {
  .catch(function (err) {

Hi @moses2489

Cam you please set followAllRedirects to true under options?