https://support.okta.com/help/answers?id=9062a000000bmanqai&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
Nicholas Winslett

SPA using Okta Simplified Flow

Looking for some help understanding the basic flow for an SPA using the Okta Simplified Flow. 

I have created an application within Okta using the SPA and "Send ID Token directly to app" settings.  

-- User clicks on the app tile in Okta, Okta mints and posts the id_token JWT to the SPA
-- SPA stores this token client side (cookie etc).  
-- The SPA then interacts with a corresponding API and sends that token with each request
-- The API validates the JWT, checks expiration, checks user in certain group and authorizes or denies 

Do I have this correct or am I missing something here?  Does the API in the scenario need to interact with Okta for any reason?
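
The API-side step in the list above (validate the JWT, check expiration, check group membership), sketched as an added example that is not part of the original post. It assumes an RS256-signed token, a group claim named `groups`, and placeholder issuer, audience, kid and group values; verifying the signature needs the issuer's public signing keys, which are passed in here as a map rather than fetched.

```javascript
// Added example: API-side validation of an RS256 id_token.
// Issuer, audience, kid, group names and the key pair are constructed placeholders.
const nodeCrypto = require('crypto');

const b64urlJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// keysByKid: Map of kid -> public KeyObject, loaded from the issuer's published signing keys.
function validateIdToken(token, keysByKid, { issuer, audience, requiredGroup, now = Date.now() / 1000 }) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try { header = b64urlJson(parts[0]); claims = b64urlJson(parts[1]); }
  catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm so the token cannot select "none" or an HMAC variant.
  if (header.alg !== 'RS256') return { ok: false, reason: 'bad alg' };
  const key = keysByKid.get(header.kid);
  if (!key) return { ok: false, reason: 'unknown kid' };
  const sig = Buffer.from(parts[2], 'base64url');
  if (!nodeCrypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`), key, sig)) return { ok: false, reason: 'bad signature' };
  if (claims.iss !== issuer) return { ok: false, reason: 'wrong issuer' };
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) return { ok: false, reason: 'wrong audience' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  if (!Array.isArray(claims.groups) || !claims.groups.includes(requiredGroup)) return { ok: false, reason: 'not in group' };
  return { ok: true, sub: claims.sub };
}

// Constructed test fixture: a throwaway key pair stands in for the issuer.
function mintTestToken(privateKey, kid, claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const head = `${enc({ alg: 'RS256', kid })}.${enc(claims)}`;
  return `${head}.${nodeCrypto.sign('RSA-SHA256', Buffer.from(head), privateKey).toString('base64url')}`;
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const keys = new Map([['test-kid', publicKey]]);
  const policy = { issuer: 'https://idp.example.test', audience: 'spa-client-id', requiredGroup: 'api-users', now: 1700000000 };
  const base = { iss: policy.issuer, aud: policy.audience, sub: 'user1', exp: 1700003600, groups: ['api-users'] };
  const good = mintTestToken(privateKey, 'test-kid', base);
  // Swap in an edited payload but keep the original signature.
  const edited = Buffer.from(JSON.stringify({ ...base, groups: ['admins'] })).toString('base64url');
  const forged = [good.split('.')[0], edited, good.split('.')[2]].join('.');
  return {
    good: validateIdToken(good, keys, policy),
    expired: validateIdToken(mintTestToken(privateKey, 'test-kid', { ...base, exp: 1699999999 }), keys, policy),
    wrongGroup: validateIdToken(mintTestToken(privateKey, 'test-kid', { ...base, groups: ['other'] }), keys, policy),
    forged: validateIdToken(forged, keys, policy),
  };
}
```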