“sessions/me” API call is failing due to an access cross-domain cookie. “sessions/me” API is an ajax call made from B.com application, “sessions/me” API call requires cookie “sid” to fetch the required result from Okta and “sid” cookie is set on the “A.com” okta custom domain, not on B.com domain .
Do we have an alternative to fetch sessions/me call details with ID token or access token?
No, because the tokens are not directly tied to the Okta session. The Okta session (the one managed as a session cookie set on the Okta domain, hence the x-site cookie issue) is only needed to get the tokens in the first place. The user does not need to have a valid Okta session to still have valid tokens.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.