Good day all,
We are debating on using the Okta Widget with Auth Code Flow and PKCE on our site for the simplicity and time to delivery. One of the requirements though is to use a Refresh Token. My concern is in regards to the Okta Widget being a JavaScript library. Is it safe to use a Refresh Token with the Okta Widget? Everything I have read indicates that it is best practice to use a Backend channel when working with Auth Code Flow and Refresh tokens. If the Okta Widget is safe, then would it be possible to explain why for my better understanding?
Thanks in advance for any comments.