
AiraaD.43082 (Customer) asked a question.
I am trying out Okta's new XAA-based flow and I created an Agent0 - Cross App Access (XAA) Sample Requesting App. But it looks like the token flow requires me to pass the client secret all the time and does not support PKCE.
- Is there some setting that I am missing, or is that how XAA is supposed to be?
- Is that going to be the case going forward as well, or is this just for the sample app?
Basically, I am trying to use the same app as an OIDC (for a SPA) and a requesting app.
Thanks

Hi @AiraaD.43082 (Customer), thank you for reaching out to the Okta Community!
This question is more appropriate for our dedicated Okta Developer Forum.
My advice would be to reach out via devforum.okta.com to take advantage of their expertise.
In the meantime, I ran this by some of my DevSupport colleagues and they mentioned that the original Agent0 app doesn't have PKCE because it was created for Okta Integration Network (OIN) use cases, and that if you want to use a SPA, you will have to use server-side authn for a SPA, making the app a client that can maintain secrets for XAA use cases.
Hopefully that provides some additional insight. I recommend engaging them on the dedicated forum to discuss the implementation in detail.
Regards.