Before authorization begins, it first generates a random string to use for the
state parameter. The client will need to store this to be used in the next step.
/oauth2/default/v1/authorize? response_type=token &client_id= &redirect_uri=/implicit.html &scope=photo &state= &nonce=
* Note: the nonce parameter is normally not required for the OAuth 2.0 Implicit Flow, but the Okta API requires it here since it is required for the OpenID Connect flow.
For this demo, we've gone ahead and generated a random state parameter (shown above) and saved it in a cookie.
Click "Authorize" below to be taken to the authorization server. You'll need to enter the username and password that was generated for you.