Not sure the best way to articulate this, but please bear with me.
A user logs into our website and has an okta-token-storage in localStorage with an accessToken and idToken.
We have a “co-browsing” tool for our reps to help our users and co-browse with them. When this tool is used, it essentially reloads our site into an iframe. However, because of that, the user loses their localStorage containing the okta-token-storage key, so they are kicked back to the login page.
The script used to trigger this co-browsing tool does allow for us to send tokens as query params which can then be re-used to “reset” the okta-token-storage.
Is there a best practice for sharing this okta-token-storage? Do we send the entire JSON string? Can we obtain a one time authorization code somehow which can be reused to authenticate? Again, at this point the user is already logged in. The data does get shared via query parameters so was thinking if we could somehow utilize parseFromUrl() function okta-auth-js.