We are planning to host a nodejs based server side application which will expose a few endpoints. We have a wpf based desktop application that will open a browser from their application to allow users to sign in using the okta hosted sign in widget. Our nodejs server side app will have all the code to support the okta hosted sign in widget for authenticating users along along with redirecting the users to a web page when the authentication was successful and be able to return the authorization_code back to the desktop application. For this, once on the server side the user gets authenticated, okta will invoke the callback endpoint which will have the code. The nodejs app will then extract this code and the invoke a custom URI like abc.endpoint://desktop:/code=<one_time_code_from_okta>. The nodejs app will then have to stop at this point and not go ahead and exchange the code for an access_token and refresh_token by itself.

The desktop app will now have the code and will exchange the code along with the client_id and client_secret to okta and get an access_token and refresh_token back. I saw a lot of examples on the okta website samples but none of the nodejs or express examples have the ability to stop exchanging the code for access_token. Due to this reason we are unable to pass the auth code back to the desktop application and have it exchange the code by itself because the code is already used once and hence expired. Can you please point us to an example if any which will stop after returning the code along with the callback and not proceed further to fetch exchange code for token by itself? I have tried searching almost all the example with nodejs sample and all of them proceed to exchange the code for an access token by itself and we have no option to stop it.

Thanks