I’m integrating the Okta to our backend service(Java), front-end is an angular.js app. And we prefer the more secure solution: Authorization Code Flow with PKCE instead of the Implicit Code Flow. But here’s a problem. We still prefer the user could click the app icon in Okta dashboard to initiate the login.
But it looks like Okta doesn’t support initiate login via Okta when only using the Authorization Code Flow option. When I select Login initiated by Either Okata or App. It shows:
Okta can only initiate the login for Web and SPA apps with the “implicit” grant type.
I also have noticed I can enable implicit grant and using the Authorization Code Flow with PKCE
Any progress or best practice at this time? Or any explanation about this setting? Thanks.