Alternative to session.get()

BrianTu · April 24, 2023, 7:35am

Hello there,
we want to move away from the reliance of third-party cookies in our auth flow, but we have a part in our code that checks for an active session like so:

    const session = await oktaAuth.session.get();
    if (session && session.status === "ACTIVE") {
      const tokenResponse = await oktaAuth.token.getWithoutPrompt({
        responseType: "id_token",
      });
      if (tokenResponse) {
        oktaAuth.tokenManager.setTokens(tokenResponse.tokens);
      }
    }

But as i can read in the docs, both session.get() and getWithoutPrompt() requires third-party cookies. What are some alternatives to this?

Thanks!

andrea · April 24, 2023, 3:32pm

To avoid issues with reading third party cookies, the main alternative is to always redirect back to Okta. For example, instead of checking if a session exists and then call getWithoutPrompt if it does, just call getWithRedirect.

If the user already has a session, the authorize call will succeed immediately and tokens/code will be returned. Otherwise, they will be prompted to login on the Okta hosted login page