Implicit flow doesn’t return an authorization code. For that, you’ll need to use the “Authorization Code flow”.
In implicit flow, you’ll directly get the token in the URL.
Since you’re using java, you should be using Authorization Code flow, which means you have to create a “Web App” in the Okta Applications page that has a client ID and client secret.
Refer to this for more info - https://developer.okta.com/docs/concepts/auth-overview/#choosing-an-oauth-2-0-flow
Now I feel silly - I used the wrong term in the title (newb mistake). The organization WAS using implicit flow, and it has been changed to Authorization Code Flow. The rest of the post/issue I’m experiencing is correct though…I get a sessionToken from the authn endpoint, pass that in the request that I’m building (shown in the message) which is passed to the authorize endpoint and I am not getting the code back in the response. We do have a web app with a client ID and client secret. Sorry for the confusion.
That won’t fix your issue but will give you confidence in your configuration.
Also, I have a feeling that your issue could be related to following redirects. Is the response code you receive a 200 instead of 302? In that case, check if there’s a config to set “follow redirects” to true, while building your client.
Glad that you solved it.
Sorry for the incorrect advice of setting it to true though.
Now let me go back and edit my post to seem that I was correct all along.
@punisher660 I know this is old. But I am having a similar issue and I do not know what the config property that sets the “follow redirects”. What is the name of that prop? THANKS!