
j5v7c (j5v7c) asked a question.
Looking for some help understanding the basic flow for an SPA using the Okta Simplified Flow.
I have created an application within Okta using the SPA and "Send ID Token directly to app" settings.

-- User clicks on the app tile in Okta, Okta mints and posts the id_token JWT to the SPA
-- SPA stores this token client side (cookie etc).
-- The SPA then interacts with a corresponding API and sends that token with each request
-- The API validates the JWT, checks expiration, checks user in certain group and authorizes or denies

Do I have this correct or am I missing something here? Does the API in the scenario need to interact with Okta for any reason?
Hello!
Thanks for posting in the Okta Community forums! I tracked down this link that provides the required information and explains the flow of SPA:
https://help.okta.com/en/prev/Content/Topics/Apps/Apps_App_Integration_Wizard.htm
Hi,
My name is Silviu and I am a Technical Support Engineer (Tier II) at Okta.
Besides the link provided above, as this enters the Dev Support field, I would kindly advise you, for any further assistance, to please open up a case with Okta Support and get all the necessary pieces of information, if not provided yet.
Wish you all the best in your work!
Thank You,
Silviu Muraru
Technical Support Engineer | Okta Inc.