Implementing Authorization Code with PKCE


We are using Okta Sign-in Widget to enforce SSO and MFA for the onboarded SAML and OIDC apps. My questions are

  1. Can Authorization Code flow with PKCE be applied to the SAML apps?
  2. How to implement/enforce auth+pkce to the configured OIDC app that is required for using sign-in widget?
  3. Is there any sample code that I can reference to implement PKCE for the OIDC apps that are implemented with Angular 6 or 7?

Thanks in advance for your kindly help!


  1. I can’t speak specifically to SAML apps (because I don’t know), but - if you’ve authenticated to Okta with SAML, you should be able to accomplish SSO to other Okta Apps that are configured for OIDC

  2. We’ve just released a version of the okta-auth-js library ( that supports PKCE. The okta-signin-widget depends on the okta-auth-js library BUT it has not yet been updated with the latest version.

  3. There is not yet any angular sample for the pkce flow.

Thank you Micah! The information that you shared helps.

1 Like