Auto Login when okta-token-storage available

Not sure the best way to articulate this, but please bear with me.
A user logs into our website and has an okta-token-storage in localStorage with an accessToken and idToken.
We have a “co-browsing” tool for our reps to help our users and co-browse with them. When this tool is used, it essentially reloads our site into an iframe. However, because of that, the user loses their localStorage containing the okta-token-storage key, so they are kicked back to the login page.
The script used to trigger this co-browsing tool does allow for us to send tokens as query params which can then be re-used to “reset” the okta-token-storage.

Is there a best practice for sharing this okta-token-storage? Do we send the entire JSON string? Can we obtain a one-time authorization code somehow which can be reused to authenticate? Again, at this point the user is already logged in. The data does get shared via query parameters, so I was thinking we could somehow utilize the parseFromUrl() function of okta-auth-js.

Hello,
I don’t know that we have a best practice for passing token(s) to another window/frame and then recreating the token storage (auth client) and storing the tokens.

I am not sure why your iFrame does not have access to the tokens in local storage, however? If I have a parent window, log in to Okta using okta-auth-js / store tokens, and then embed an iFrame, that iFrame still has access to the token storage assuming it is running in the same domain?

Is your iFrame opened for another domain? If so the Okta session for your Org would still exist, so the iFrame window could do another /authorize call to get tokens.
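
The fresh /authorize call suggested in the reply above, shown as an added example (not code from the thread or from okta-auth-js): a silent `prompt=none` authorization-code request with PKCE, plus validation of the callback before the code is exchanged. The issuer, client ID and redirect URI are constructed placeholders, and `buildSilentAuthorize` and `readCallback` are hypothetical helper names.

```javascript
// Added example. Issuer, client ID and redirect URI passed in by the caller
// are constructed placeholders; the helper names are hypothetical.
const { randomBytes, createHash } = require('node:crypto');

const b64url = (buf) => buf.toString('base64url');

// Build a silent (prompt=none) authorization-code + PKCE request. It relies on
// the existing Okta session, so no access or ID token has to be copied into a
// query parameter where it would reach logs, history and Referer headers.
function buildSilentAuthorize({ issuer, clientId, redirectUri, scopes }) {
  const state = b64url(randomBytes(16));
  const nonce = b64url(randomBytes(16));
  const codeVerifier = b64url(randomBytes(32)); // 43 chars, within RFC 7636 limits
  const codeChallenge = b64url(createHash('sha256').update(codeVerifier).digest());
  const url = new URL(`${issuer}/v1/authorize`);
  url.search = new URLSearchParams({
    client_id: clientId, redirect_uri: redirectUri, response_type: 'code',
    scope: scopes.join(' '), prompt: 'none', state, nonce,
    code_challenge: codeChallenge, code_challenge_method: 'S256',
  }).toString();
  // state, nonce and verifier stay in the frame's own storage, never in the URL.
  return { url: url.toString(), pending: { state, nonce, codeVerifier } };
}

// Validate the redirect the frame receives before exchanging the code.
function readCallback(callbackUrl, pending, redirectUri) {
  const cb = new URL(callbackUrl);
  const expected = new URL(redirectUri);
  if (cb.origin !== expected.origin || cb.pathname !== expected.pathname) {
    return { ok: false, reason: 'unexpected redirect target' };
  }
  const p = cb.searchParams;
  if (p.get('state') !== pending.state) return { ok: false, reason: 'state mismatch' };
  // With prompt=none a missing session comes back as error=login_required.
  if (p.has('error')) return { ok: false, reason: p.get('error') };
  if (!p.get('code')) return { ok: false, reason: 'no code' };
  return { ok: true, code: p.get('code'), codeVerifier: pending.codeVerifier };
}
```

The returned `code` and `codeVerifier` go to the token endpoint from the frame; the nonce in `pending` is then compared with the `nonce` claim of the ID token that comes back.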
