The primary use case is that the widget would be used to get an id_token and then it would be passed to a downstream app (App A) which would consume it and SSO the user and issue an app session token of their own.
In addition, a link within App A would then trigger an SP-initiated SAML flow to another downstream app (App B). As App B can’t consume an id_token, we would need to exchange it during initial Okta auth (I would think) for an Okta session cookie. I’m relatively clear on using the following approach to do so. However, can we do the same in the Okta Sign-In Widget?
The primary rationale is to avoid having to reinvent the wheel and to reuse the widget for as much as we can.