We have a use case to obtain an authorization code from a SPA using pkce. We’d like to do this silently, similar to getWithoutPrompt(). However, getWithoutPrompt() also exchanges the code for tokens. We just need the iframe to get the code, and hten communicate that code to our SPA. Is there a way to just get the code using this silent approach? We have one solution to use the redirect approach, but this is not ideal for our user experience.
The only option I can think to do is to create my own iframe with the authorize URL. Essentially mimic the getToken() function in okta-auth-js without then continuing on to the token retrieval.
Yeah, thats what I was thinking as well after checking the source code for that function, since it seems to be designed to complete the full flow end-to-end and not just make the /authorize call.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.