We’re working with a client who has a website alongside their app. They’ve added some software to the website called Chameleon that sits in front of their login page.
I was given this flow by their web developers but can’t seem to see how it would work for an app:
1. Click Login in the app. Generates an OIDC request to Okta. This should be your initiate login URI.
2. Application redirects to Chameleon via Okta and the user is presented with a webview to enter their credentials.
3. Chameleon logs the user into Okta, and creates the Okta session.
4. Chameleon then uses the Initiate Login URI to complete the login to the mobile application. This will then:
   a. Generate a second OIDC request from the app.
   b. In the open webview, the normal OIDC request flow is followed, but as the Okta session exists in the web view from Step 3, Okta natively handles the request, returns the OIDC tokens to your redirect endpoint, and the user is logged in to the app successfully.
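
A sketch of the app side of step 4, added here as an example and not taken from the original post, Chameleon or Okta: the initiate login handler checks the `iss` parameter defined for third-party initiated login in OpenID Connect Core, starts the second request, and the redirect handler accepts only a callback whose `state` it issued. It assumes the authorization code flow with PKCE; the issuer, endpoint, client ID, redirect URI and function names are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values: substitute the client's real issuer, client ID and redirect URI.
ISSUER = "https://idp.example.com"
AUTHORIZE_ENDPOINT = ISSUER + "/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "com.example.app:/callback"

pending = {}  # state -> PKCE code_verifier for requests this app instance started


def build_auth_request():
    """Start a fresh authorization code + PKCE request and remember its state."""
    state = secrets.token_urlsafe(16)
    verifier = secrets.token_urlsafe(48)
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    pending[state] = verifier
    return AUTHORIZE_ENDPOINT + "?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": "openid",
        "state": state, "code_challenge": challenge,
        "code_challenge_method": "S256",
    })


def handle_initiate_login(url):
    """Step 4a: the initiate login URI was opened; begin the second request.

    Only the configured issuer may trigger a login, so an arbitrary link
    cannot push the app towards a different identity provider.
    """
    iss = parse_qs(urlparse(url).query).get("iss", [""])[0]
    if iss != ISSUER:
        raise ValueError("initiate-login request from unexpected issuer")
    return build_auth_request()


def handle_redirect(url):
    """Step 4b: accept the callback only for a state this app issued, once."""
    query = parse_qs(urlparse(url).query)
    state = query.get("state", [""])[0]
    verifier = pending.pop(state, None)  # pop makes each state single-use
    if verifier is None or "code" not in query:
        raise ValueError("callback does not match a pending request")
    return query["code"][0], verifier  # both are sent to the token endpoint
```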