I have 2 asp.net web applications secured with Okta (OPENID OAuth2). Everything is working fine, we can connect through Okta on both websites.
The problem: from the first website, I would like to be able to call a specific page on the second website. It only works the second time. Let me explain you below.
- Opening the browser and launching https://first.mydomain.com
- User connect through Okta (with his credentials and OktaVerify)
- Once connected, user navigate inside the first web app then click on a button
- Some JavaScript code is executed and open a new tab with the following url https://second.mydomain.com/#/PackingDetail/3101
- (the first time) when the second web app launch, user does not have to re-authenticate (by typing his credentials) because he is already connected in the 1st tab of the browser. But I can see the url changing to https://companydomain.okta.com/oauth2/default/v1/authorize?client_id=0oa3qxxx...&x-client-ver=6.14.1.0#/PackingDetail/3101 then after a while redirected to the static PostLogoutRedirectUri (https://second.mydomain.com). Unfortunately, the specific page (…/PackingDetail/3101) is not accessed as expected.
- now, let’s reclick on the same button in the first web app
- This open a new tab with the following url https://second.mydomain.com/#/PackingDetail/3101
- (this time, the second time) when the second web app launch, this is working as expected: the specific page is accessed (…/PackingDetail/3101). There is no okta redirect or anything because the session cookie is found.
My question: is it possible to have it working as expected the first time it is accessed?
It seems, the first time https://second.mydomain.com/#/PackingDetail/3101 is accessed, Okta needs to connect the user and so redirect to the (static) PostLogoutRedirectUri which is the problem. The second time, the session cookie is found and so Okta don’t have to redirect but can directly access the requested page (https://second.mydomain.com/#/PackingDetail/3101).