Integration of Apigee (as IDP) with OKTA (Service Provider) using OAuth/OIDC Protocol

We have user credentials in Oracle DB and using Apigee OAuth (grant type=password) for user authentication as until today (existing flow).

Our enterprise would like to use OKTA as Service Provider. and need to integrate Apigee with OKTA.

As i understand from OKTA documentation, we can configure APIGEE as external custom IDP provider in OKTA using OIDC protocol.

Also we have angular (SPA) app that needs to login via OKTA, which will invoke apigee for user validation.

As I understand from Apigee docs that we need to use oAuth grant type as “AuthCode+PKCE” in this context.

Can someone help to validate the design/solution and point me to any github sample code?

High level flow is Browser(Angular App)->OKTA (SSO Federation provider)->Apigee(as IDP)

It sounds like you can add Apigee as a generic OIDC IdP and then either redirect to an /authorize request that contains the idp parameter or add a custom button to the Okta signin widget.