Unable to use PKCE auth when creating a SPA application


I am using the okta sdk for nodejs, to create an SPA application. I would like to use PKCE auth, however even the application type set to SPA, the application is created using client secret by default, instead a PKCE auth. However if I create the application manually from the okta console, the PKCE auth is used by default. And I can’t find anything on the docs explaning this.

Could somebody help me on this?
This is the request that I am sending to create the application:

const oktaRequestData = {
‘name’: ‘oidc_client’,
‘label’: application.name,
‘signOnMode’: ‘OPENID_CONNECT’,
‘settings’: {
‘oauthClient’: {
client_uri: url,
‘redirect_uris’: [
‘wildcard_redirect’: ‘DISABLED’,
‘post_logout_redirect_uris’: [
‘response_types’: [
‘initiate_login_uri’: https://${applicationId}.${domain}/login/callback,
‘grant_types’: [
‘application_type’: ‘browser’,
‘tos_uri’: https://${applicationId}.${domain}/client/tos,
‘policy_uri’: https://${applicationId}.${domain}/client/policy,
‘idp_initiated_login’: {
‘mode’: ‘DISABLED’,

Found the solution. We need to set “token_endpoint_auth_method”: “none” in order to use PKCE auth.

Question can be closed

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.