Okta sign-in widget without PKCE

I am using the latest version (3.9.1) on the okta sign-in widget. On MSIE, PKCE does not seem to be supported. So I have tried to configure the widget with flag PKCE set to false. I have not found any configuration that works…
With the following configuration, the widget keep hanging after pressing on the ‘connect’ button:

display: ‘popup’,
responseMode: ‘fragment’,

If display is set to ‘page’, I get an idToken but no accessToken.
These tests have been made with chrome 80.
Thanks in advance for your help


how is your application configured? what are grants selected?

Well, I have selected everything.
“Authorization Code”, “Implicit” with Id and Access tokens

any errors in console? what requests do you see in network activity? I’ve never seen any issues with chrome, to be honest, so I’m bit surprised

No error in the console. I do not think this is related to chrome. I have the same behavior with firefox and safari.
I have reproduce the issue with the “custom login” react sample, the only change I have made is to set PKCE to false.
I get an id token without any issue but no access token to call a resource server

Hey Alexandre,

I’ve been integrating Okta into a web app using PKCE for the past couple of months so hopefully I can be helpful. I ran into a similar issue where selecting all grants didn’t change the response tokens from the auth server.

The thing that solved my problem was removing onAuthRequired from being passed to the Security component. Essentially, it overrides the expected login flow by preventing the redirect back to Okta and expects you to handle the process of getting the accessToken yourself. Lemme know if that helps.


Hello Dylan
Thanks a lot for your answer, indeed it works much better now!


1 Like