Implementing Authorization Code with PKCE

wdchuang · June 6, 2019, 4:45pm

Hi,

We are using Okta Sign-in Widget to enforce SSO and MFA for the onboarded SAML and OIDC apps. My questions are

Can Authorization Code flow with PKCE be applied to the SAML apps?
How to implement/enforce auth+pkce to the configured OIDC app that is required for using sign-in widget?
Is there any sample code that I can reference to implement PKCE for the OIDC apps that are implemented with Angular 6 or 7?

Thanks in advance for your kindly help!

Wei

micah.silverman · June 6, 2019, 5:44pm

I can’t speak specifically to SAML apps (because I don’t know), but - if you’ve authenticated to Okta with SAML, you should be able to accomplish SSO to other Okta Apps that are configured for OIDC
We’ve just released a version of the okta-auth-js library (https://www.npmjs.com/package/@okta/okta-auth-js#pkce-oauth-20-flow) that supports PKCE. The okta-signin-widget depends on the okta-auth-js library BUT it has not yet been updated with the latest version.
There is not yet any angular sample for the pkce flow.

wdchuang · June 6, 2019, 7:20pm

Thank you Micah! The information that you shared helps.

system · January 23, 2024, 7:12pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Auth Code + PKCE flow supported by Okta mobile SDKs? Questions	3	3564	February 25, 2022
SSO from SAML to OIDC App which has custom login page OAuth/OIDC	8	4291	February 10, 2024
Angular custom login page with pkce flow OAuth/OIDC	2	1704	February 15, 2024
Okta-idx-java SDK and Authorization Code flow with PKCE Questions api , java	4	1593	February 19, 2024
Okta Sign-in Widget Using PKCE Flow Questions	3	6179	April 1, 2021