Hello,
I am not sure if you trying to run auth-js in server mode or client mode?
- In client mode (SPA apps) the browser would initialize auth-js, do the authorize flow, and store token in the local browser storage.
- In server mode auth-js would be initialized in a Node app, the Node app would handle the redirect URI and store tokens.
It is much more common to run auth-js client side, but when using with a public app there is no client_secret. A client_secret would only be used for a web app.
I suggest testing a couple of samples to see which fits your use case best.
- Running server side (web app) - okta-auth-js/samples/generated/express-embedded-auth-with-sdk at master · okta/okta-auth-js · GitHub
- Running client side, plain JS - okta-auth-js/samples/generated/static-spa at master · okta/okta-auth-js · GitHub
- Running client side, React - okta-auth-js/samples/generated/react-embedded-auth-with-sdk at master · okta/okta-auth-js · GitHub