Initiate login from Okta with Authorization Code Flow with PKCE

I’m integrating the Okta to our backend service(Java), front-end is an angular.js app. And we prefer the more secure solution: Authorization Code Flow with PKCE instead of the Implicit Code Flow. But here’s a problem. We still prefer the user could click the app icon in Okta dashboard to initiate the login.

But it looks like Okta doesn’t support initiate login via Okta when only using the Authorization Code Flow option. When I select Login initiated by Either Okata or App. It shows:

Okta can only initiate the login for Web and SPA apps with the “implicit” grant type.

I also have noticed I can enable implicit grant and using the Authorization Code Flow with PKCE

I have also found this article is useful for my case, Okta-initiated login with Authorization Code
@dragos has moved that question into the feature request.

Any progress or best practice at this time? Or any explanation about this setting? Thanks.

While we look into expanding this to allow “Login initiated by Okta” to work for other flows, we currently recommend you create a bookmark application that points to your application, as discussed here: https://support.okta.com/help/s/article/OIDC-app-not-on-dashboard

As long as the page you redirect users to in your application has logic configured to detect an existing Okta session and make an authorize request automatically, end users will be SSO’d in without needing to re-authenticate.

1 Like