I have a situation where my PKCE flow works in chrome/firefox but not in IE 11. By PKCE flow I mean:
- SEND AUTHORIZE REQUEST- From MyApp.js calld okta/authorize endpoint with code, clientid, scope, state, redirect uri, code_challenge, etc…
- RECEIVE CODE - MyApp receives a CODE from Okta as part of http://myapp?code=232f23423
- SEND TOKEN REQUEST -From MyApp.js call v1/token endpoint sending back the code along with the code verifier, etc…
Comparing the calls in step 1, the GET url params in the authorize request are identical. So I do get a code back from Okta in both scenarios… However my step 3 (token request), ALWAYS returns a 403 when running in IE. The form params look identical here as well.
Is anyone aware of any gotchas or things to be aware of when making the token request in IE 11. Are there additional settings that I need to be making (its an XMLHttpRequest POST) that I am making.
Thank you Okta community for any help/insights!