PKCE true is not working when using Okta angular SDK for android and IOS

[patelchetan79]

I'm submitting this issue for the package(s):

• jwt-verifier
• [ X] okta-angular
• oidc-middleware
• okta-react
• okta-react-native

I'm submitting a:

• Bug report
• Feature request
• [ X] Other (Describe below)

Current behavior

We are using @okta/okta-angular library to authenticate with OKTA. Our web site is working fine with PKCE true. When we use the same code in IOS app or Android APP. the okta redirect URL is not working. if we use PKCE false, it is redirecting. We are using IONIC capacitor for our app.

Expected behavior

Should call Okta if the PKCE true from APP.

Minimal reproduction of the problem with instructions

Extra information about the use case/user story you are trying to implement

Environment

• Package Version:
• Browser:
• OS:
• Node version (node -v):
• Other:

[shuowu]

@patelchetan79 The cause might be

However, in a Capacitor app, capacitor://localhost is sent as an origin header, and Okta only allows http and https as schemas. This means the CORS request for the ./well-known/openid-configuration metadata fails.

From https://developer.okta.com/blog/2020/09/21/ionic-apple-google-signin#what-about-oktas-angular-sdk-and-sign-in-widget

[sucaba]

Any updates on this?