Widget using pkce

gvolop · July 20, 2021, 2:24pm

i’m using widget with pkce: false, and responseType: ['token', 'id_token'], (OIDC web application)

the token& tokenId should pass as query param to my redirect URI , but… there is no query params at all.

when i use responseType: ['code'] i get the code in the params.

constractor: 

this.widget = new OktaSignIn({
      el: '#okta-signin-container',
      baseUrl: 'https://XXXX.okta.com',
      clientId: 'CCCCCC',
      redirectUri: 'http://localhost:......',
      authParams: {
        issuer: 'https://XXXX.okta.com/oauth2/default',
        pkce: false,
        responseType: ['token', 'id_token']
      }
    });

ngOnInit() {
    this.widget.showSignInAndRedirect();
  }

what could it be?

okra-okta · July 20, 2021, 4:22pm

When you set PKCE to false and responseType is ['token', 'id_token'], then you are using the implicit flow and the tokens are returned in a fragment.

If id_token or token is specified as the response type, then query isn’t allowed as a response mode. Defaults to fragment in implicit and hybrid flows.

gvolop · July 20, 2021, 9:25pm

if the data came in the fragment, so is available in angular(frontend) only?

i’m trying to use the widget and give my api route(server) as the redirect url,
in my api , i need to verify the token and pull the user info from the token to grant access to my existing app.

is there any other way to do it?
how can i verify & get user info from server using the “code” that came from okta login ?

okra-okta · July 20, 2021, 10:27pm

If you’re using showSignInAndRedirect then I think you need to parse the authorization code from the url and exchange it for tokens via the /token request. You can also check out the Okta Auth JS library:

You can also check out the Okta Angular sample app as well. This one uses the widget:

gvolop · July 21, 2021, 6:43am

the redirectUrl sent to my server (Elixir) so i can’t use fragment,
when i try to use ‘code’, the code passed correctly to server route.

but how can i get the token from server code? (in Elixir server) (should is it possible?!)

the links you sent and also my research are all about angular or JS .
where can i find simple rest api docs for Okta auth api ?

Post		Replies	Views
Supplying original /authorize PKCE code_challenge and state to Okta Signin Widget Questions	2	3289	February 8, 2024
Okta sign-in widget without PKCE Questions	7	4649	January 23, 2024
OIDC PKCE flow for client API auth - best option? OAuth/OIDC	3	722	June 22, 2024
Okta Signin Widget with PKCE on Okta Identity Engine fails with: The client is not authorized to use the provided grant type OAuth/OIDC widget , idx	4	1522	February 10, 2024
OAuthError: The response type is not supported by the authorization server. Configured response types: [id_token, token] OAuth/OIDC	7	30260	July 21, 2020

Widget using pkce

Related topics