I am building two React apps, and both of them use the Okta Login Widget; the two app domains will be different. The user will use the Okta login widget to authenticate in “App A”. After the user has successfully authenticated, how could I help the user automatically SSO into “App B”?
If you call getWithoutPrompt or getWithRedirect from the second application (using the underlying OktaAuth client), you can request tokens for that application based on the Okta session having been created when the user logged into the first (and vice versa). That way the user does not need to authenticate again to access the second application.
Note that YMMV based on the browser you are using and its settings regarding getWithoutPrompt, as it is reliant on being able to access third-party cookies (in this case, the Okta session cookie “sid”).
@andrea Thanks, and sorry for reviving an old thread. I have tried to simulate the approach you have suggested (a React app running on localhost:3000 and another running on localhost:3001).
After logging into localhost:3000, when I open the localhost:3001 app, it’s not detecting the current session. I have checked that my Chrome was enabled for third-party cookies.
In fact, the call to ‘getWithoutPrompt’ was not even triggering a call to the tokens API. I could see that the localhost:3000 app was able to make a call to the tokens API.
Would it be possible to direct me/provide a working sample for this scenario?
getWithoutPrompt should be calling the /authorize endpoint, not /token. Do you see the authorize call occurring or failing?
What about if you use getWithRedirect instead?
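The flow discussed in this thread, as an added example that is not code from any poster or from Okta: App B first tries `getWithoutPrompt` and falls back to `getWithRedirect` when the hidden-iframe `/authorize` request cannot see the Okta session. `signInWithExistingSession` and `makeStubClient` are hypothetical names, and the stub is a constructed stand-in for a configured `OktaAuth` client so the sketch runs offline.

```javascript
// Added example. `authClient` is assumed to be an OktaAuth instance
// (@okta/okta-auth-js) configured with App B's own issuer, clientId
// and redirectUri. Function and stub names are hypothetical.
async function signInWithExistingSession(authClient, scopes = ['openid', 'profile']) {
  try {
    // Hidden iframe request to /authorize with prompt=none. It only succeeds
    // if the browser sends the Okta "sid" cookie in a third-party context.
    const { tokens } = await authClient.token.getWithoutPrompt({ scopes });
    authClient.tokenManager.setTokens(tokens);
    return 'silent';
  } catch (err) {
    // login_required: Okta saw no session on the iframe request, either
    // because none exists or because the cookie was blocked.
    if (err && err.errorCode === 'login_required') {
      // Top-level navigation: the cookie is first-party here, so an existing
      // session is honoured; otherwise the user gets the normal login page.
      await authClient.token.getWithRedirect({ scopes });
      return 'redirect';
    }
    // Anything else (misconfigured client, bad redirect URI) is surfaced
    // rather than hidden behind a redirect.
    throw err;
  }
}

// Constructed stand-in for OktaAuth, used only to exercise the logic above.
function makeStubClient(outcome) {
  const client = { stored: null, redirected: false };
  client.token = {
    getWithoutPrompt: async () => {
      if (outcome === 'ok') return { tokens: { accessToken: 'constructed' } };
      const e = new Error(outcome);
      e.errorCode = outcome;
      throw e;
    },
    getWithRedirect: async () => { client.redirected = true; },
  };
  client.tokenManager = { setTokens: (t) => { client.stored = t; } };
  return client;
}
```

In a real app the redirect path leaves the page, and the callback route still has to complete the login before tokens are available.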