I’m trying to determine if this is possible.
We have a SPA (Angular) with a login screen that offers either credential entry or a “Sign in with Okta” link. If the link is clicked, then the user is redirected to an Okta-hosted login form, or (from the user's perspective) logged straight into the application.
If the user enters Okta credentials into the form, they are also logged in, as these details go through the API, which then forwards requests on to Okta.
The SPA currently uses Implicit Flow, and I’d like to change that to use Authorization Code with PKCE, but I’m being told we cannot change Okta settings to SPA, as that would break the API. So my thought is that there needs to be work done on the API before we could change the Okta App Type to SPA.
Is there a way to have one Okta “application” but use it for both a SPA and an API?
We also want to keep the “Sign in with Okta” link for user convenience.