I tried to follow the documentation page to set up an enterprise connection for a SPA, but when I went through
- Select Web application as the Application type
since there is a “SPA” application type selectable, I suspected I was reading the wrong guide, so I searched for something useful in the Auth0 documentation and community and I found just this community post, where a user states that “the Okta Workforce Connector only works for Web Applications and not SPAs”.
So I just need some confirmations:
- Is that true? Is there any documentation about it?
- If that is true, it means there is no way to set up an enterprise connection for my SPA without using an Enterprise Connection slot from our current plan (as it would be with Okta Workforce), isn’t it?
- If it is possible to set up Okta Workforce Connection for a SPA, is it possible to have any resource/documentation of it?
2 Likes
Hi @loris32,
Welcome to the Auth0 by Okta Community!
The Okta Workforce Enterprise Connection is both secure and recommended for use with Single Page Applications (SPAs). In the guide (Connecting your Auth0 application with Okta Workforce Enterprise Connection), you’ll see that when setting up the Okta OIDC app integration, it advises selecting Web Application. This is because a client secret is required when creating the Enterprise Connection in the Auth0 Dashboard.
However, this setup remains secure for SPAs because the connection is automatically configured to support Proof Key for Code Exchange (PKCE), which is a secure method for SPAs. (Configure PKCE and Claim Mapping for OIDC Connections). You can verify that PKCE is in use by inspecting the ID token returned to check for the presence of a code_verifier. You can also select to “Require PKCE as additional verification” in the Okta application settings.
Additionally, the Okta Workforce Enterprise Connection is free to use with all B2B Essentials, B2B Professional, and Enterprise plans, and it doesn’t count against your active Enterprise Connections limit.
Hope this clarifies things!
1 Like
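For reference, an added example (not part of the thread and not Auth0 or Okta code) of how PKCE values are derived and checked under RFC 7636: the `code_challenge` travels in the authorization request and the `code_verifier` in the later token request. The authorize URL and `client_id` in the usage comment are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlsplit, parse_qs


def make_verifier(nbytes: int = 32) -> str:
    """RFC 7636 s4.1: random code_verifier, 43-128 unreserved characters."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode()


def s256_challenge(verifier: str) -> str:
    """RFC 7636 s4.2: BASE64URL(SHA256(ASCII(code_verifier))) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def pkce_in_authorize_url(url: str) -> dict:
    """Report whether a captured authorization request carries PKCE parameters."""
    query = parse_qs(urlsplit(url).query)
    challenge = query.get("code_challenge", [None])[0]
    # Per RFC 7636 s4.3 the method defaults to "plain" when it is omitted.
    method = query.get("code_challenge_method", ["plain"])[0] if challenge else None
    return {"pkce": challenge is not None, "method": method, "challenge": challenge}


def server_accepts(verifier: str, challenge: str, method: str) -> bool:
    """RFC 7636 s4.6: the comparison made at the token endpoint."""
    if not 43 <= len(verifier) <= 128:
        return False
    expected = s256_challenge(verifier) if method == "S256" else verifier
    return secrets.compare_digest(expected, challenge)


if __name__ == "__main__":
    verifier = make_verifier()
    # Constructed authorization request; host and client_id are placeholders.
    url = (
        "https://idp.example.com/authorize?response_type=code"
        "&client_id=CONSTRUCTED_CLIENT_ID"
        f"&code_challenge={s256_challenge(verifier)}&code_challenge_method=S256"
    )
    seen = pkce_in_authorize_url(url)
    print(seen["pkce"], seen["method"])
    print(server_accepts(verifier, seen["challenge"], seen["method"]))
```

In a browser's network tab, the same check amounts to looking for `code_challenge` and `code_challenge_method=S256` on the redirect to the authorization endpoint.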