Okta React App



Sign users in to your SPA using the redirect model

OIDC – OpenID Connect.
Proof Key for Code Exchange (PKCE)
– Use this grant type for applications that cannot store a client secret, such as native or single-page apps.

Github Okta-Auth-Js Storage manager

Refresh the access and ID tokens

Auth JS fundamentals

function createAuthClient() {
  // The `OktaAuth` constructor can throw if the config is malformed
  try {
    authClient = new OktaAuth({
      issuer: config.issuer,
      clientId: config.clientId,
      redirectUri: config.redirectUri,
      scopes: config.scopes,
      useInteractionCodeFlow: true,
      tokenManager: {
        storage: config.storage
    if (config.startService) {
  } catch (error) {
    return showError(error);

Build a Secure SPA with React Routing

Integration guide describes how to integrate Okta’s API Access Management (OAuth as a Service) with Amazon API Gateway.

Sample Node.js implementation of an AWS Lambda custom authorizer for AWS API Gateway that works with a JWT bearer token (id_token or access_token) issued by an OAuth 2.0 Authorization Server. It can be used to secure access to APIs managed by AWS API Gateway.