Alternative to session.get()

BrianTu · April 24, 2023, 7:35am

Hello there,
we want to move away from the reliance of third-party cookies in our auth flow, but we have a part in our code that checks for an active session like so:

    const session = await oktaAuth.session.get();
    if (session && session.status === "ACTIVE") {
      const tokenResponse = await oktaAuth.token.getWithoutPrompt({
        responseType: "id_token",
      });
      if (tokenResponse) {
        oktaAuth.tokenManager.setTokens(tokenResponse.tokens);
      }
    }

But as i can read in the docs, both session.get() and getWithoutPrompt() requires third-party cookies. What are some alternatives to this?

Thanks!

andrea · April 24, 2023, 3:32pm

To avoid issues with reading third party cookies, the main alternative is to always redirect back to Okta. For example, instead of checking if a session exists and then call getWithoutPrompt if it does, just call getWithRedirect.

If the user already has a session, the authorize call will succeed immediately and tokens/code will be returned. Otherwise, they will be prompted to login on the Okta hosted login page

Post		Replies	Views
SSO, direct login Questions	2	3600	May 26, 2021
Any Solutions for Safari+ITP with token.getWithoutPrompt()? Questions	5	2853	June 14, 2022
Okta SignIn Widget - Getting tokens when session created from external app Questions	1	5310	January 17, 2024
Okta Widget Issues with Session.Get API widget	5	8323	August 24, 2018
Building two React App and SSO Questions spring , react	4	4081	October 27, 2021

Alternative to session.get()

Related topics