I have two angular apps. In ona okta spa was already implemented. The issuer is same for both. I am trying Authorization grant type with pkce. In other application I replicated the flow and created new okta spa client-id. Now in the other app, the token url is not being called and no authstate is being returned. While if I use the same client id ina app which already had okta implemented the token is being generated. The callback component gets the code and state in redirect url. Does someone know why this is happening or how I can debug my angular 10 application. (okta-angular:5.3, okta-auth-js: 6.9)
Edit: it’s calling a redirect/token url instead of token which results in 302 not found
I am not able to see the v1/token call itself in network tab of dev console for my app so it does not get access token and Id token. And the browser url stops at the redirect url (implicit/callback) along with code and state in query param. I am implementing it like this with little change(removed the refresh token popup)
I see the mention of implicit/callback - is the application trying to use the implicit flow rather than the authorization code flow? Please ensure that you are making your authorization request using the Authorization Code grant type.
1 Like
Hello @louie , thank you for your reply. I am using Authorization with pkce. It was just a redirect url. I was about to mention, the issue was with my routing. The OktaCallbackComponent was not being called. I solved the issue after fixing the routing. I am new to frontend development. Sorry to bother y’all with the questions.
@louie hello, I noticed another behaviour in above implemented. In my oktauth config, if I have tokenmanager storage as session storage then the oktaauthguard won’t redirect for authentication. But if I remove the tokenmanager storage (I think by default it is stored in cookies because I can’t see in local and session storage and there is jsessionid in Cookies), the oktaauthguard will reload the page everytime because the previoustate is always null and it will call loginwith redirect always because it always goes in onAuthRequired property in oidcfactory. Does anyone know if there’s a flaw in my implementation or why is this happening?
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.