Okta Widget with Refresh Token

ScottK901 · August 20, 2020, 3:32pm

Good day all,

We are debating on using the Okta Widget with Auth Code Flow and PKCE on our site for the simplicity and time to delivery. One of the requirements though is to use a Refresh Token. My concern is in regards to the Okta Widget being a JavaScript library. Is it safe to use a Refresh Token with the Okta Widget? Everything I have read indicates that it is best practice to use a Backend channel when working with Auth Code Flow and Refresh tokens. If the Okta Widget is safe, then would it be possible to explain why for my better understanding?

Thanks in advance for any comments.

mraible · August 20, 2020, 3:45pm

Refresh tokens are typically not supported by SPA applications. I don’t believe the Sign-In Widget supports using one either.

ScottK901 · August 20, 2020, 5:11pm

Thanks Mraible for your response.

I appreciate it.

system · January 25, 2024, 6:22pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.