Okta Token call doesn't show the token response in browser

Questions
1

Hi there,
Am using okta hosted login for OpenID flow, wherein when the angular makes the below token call I don’t see the token response in the browser, however, everything works as expected. But the only issue is i couldn’t find to see the id_token for the token call response in the browser network. where can I find this Id_token in the browser inspect tool for the token call?

https://dev-268XXX.okta.com/oauth2/default/v1/token (token call url)
Am using the following samples-js-angular-master anguar sample for this demo.

2

Hi Okta Experts,
Any update on this ask,pls?

3

If you’re using our SDK, and you see the /token request succeeding with a 200, you can see the tokens a couple of ways.

  1. If you want to access the tokens within your application, you can do this by using the methods from the Auth JS SDK via OktaAuthService that will retrieve it from the token, getIdToken() and getAccessToken().
  2. Looking for the response to the POST to /token. Okta will return a JSON response body that contains the raw access_token and id_token
  3. While logged into your app, check Local Storage (this will depend on what you have set your TokenManager to use for storage, but localStorage is the default). You should see a key called okta-token-storage which is an object that will contain the tokens for your authenticated user.
4

Hi Andreaskouras, Thanks for your response. In fact, My ask was how can I check the /token response in the developer tool(browser inspect), since it shows up as empty?
Note**: Everything work as expected but couldn’t see the /token response(access_token,id_token, expiry, etc) in the browser network tab.Pls kindly check from your end to see your also getting an empty token response?

5

That’s strange that the token response is showing up empty for you… In my test application, I do see the token response.

Screen Shot 2020-11-23 at 8.37.18 AM
Screen Shot 2020-11-23 at 8.37.18 AM1680×499 82.5 KB

What browser are you testing in and do you see it if you switch to a different browser?

6

Hi Andreas, thanks, we can ignore this issue switching to other browser resolved this issue.
However, I had a question, does this angular code provided by okta validates the id_token signature after receiving the token,if no . Is it recommended by okta to angular/react/springMVC apps to validate the sign?

7

No, our front end SDKs do not validate the token signature, but it does validate the claims within the token when storing them in the tokenManager. Typically, since your client is directly receiving the tokens, there should be no need to validate them, however.