I’ve created a small .NET MVC client application which provides a user with the ability to sign in (via calling relevant Okta endpoints) and be redirected to a custom home page, which works fine, and I get a session cookie returned to the browser. I’m calling the authentication API to get a session token, then calling the sessions API to obtain a session cookie.
Once redirected, I’m calling the app links endpoint using the user ID that I get back from Okta to retrieve a list of applications that this user has access to, which also works fine.
One of my Okta applications has its own AngularJS SPA acting as the client application. It also has its own Gateway API that essentially provides access to various other resource APIs in the form of an access token as a bearer token in the auth header once the user has been authenticated.
When I click on the app link for the Okta application on my custom homepage, it redirects the user to a certain URL that I’ve provided, but I’m a little bit stuck on what the best approach is then in regards to automatically signing them in. I appreciate I’ve got to make some back-end code changes to my application to validate that the user is authorized, but what should be used? Should my Okta application be making another call with a client ID and client secret to obtain an access token?
Hope this makes sense (probably not).