I am using okta-vue and found out that the /implicit/callback does not seem to verify the tokens provided and is just simply parsing tokens and adding to local storage. Am I missing something? How does the okta-auth-js knows if these tokens are correct?
This is the method that handles the callback (Present in Auth.js)
async handleAuthentication () {
const {tokens} = await this.oktaAuth.token.parseFromUrl()
if (tokens.idToken) {
this.oktaAuth.tokenManager.add('idToken', tokens.idToken)
}
if (tokens.accessToken) {
this.oktaAuth.tokenManager.add('accessToken', tokens.accessToken)
}
}