Check if user is Authenticated using only Javascript

api

#1

Hi,

I could use some help. The simple question is:

How, using Javascript can I check to see if a user has authenticated (through OKTA) in a simple html page. My restrictions are:

  1. I cannot use the OKTA Widget on this page
  2. I can’t use server-side code (like the OKTA .NET api).

I can, however, use the Javascript API (okta-auth-js.min.js).

I need a simple function to check if a user has authenticated through OKTA:

if (IsAuthenticated())
   RedirectUserToApp()
else
   RedirectUserToAuthApp()

What would the contents of IsAuthenticated() be?


Background

User must login to a platform that cannot incorporate an API. Logic is as follows:

  1. User makes request through QV Auth Page. Auth Page checks if user is logged in (through OKTA). If not see #2. If so, see #6.
  2. User is redirected to a small app (Auth App) that incorporates OKTA ASP.NET Middleware.
  3. Auth App first authenticates user with OKTA
  4. Auth App retrieves app specific user data
  5. Auth App redirects user back to Auth Page which will re-check Authentication
  6. If Authenticated, user is redirected to originally requested app.
    (See attached image)

It is within the Auth Page that the IsAuthenticated() function is needed.

Any tips would be greatly appreciated.

Note: This whole setup is following the second suggestion from a post I made here.


#2

So… is the reason I’m not getting a response here because my question is so asinine it is not worthy of a response :slight_smile: ? Look, I’m pretty novice, my feelings won’t be hurt if you tell me I’m clueless. Please, I’m really in need of some assist here. @nate.barbettini you helped me come up with this model from a previous response, I’m just in need of this seemingly minor point.

TIA!


#3

Hi @xpacheco,

It is holidays in the US, we are working with a skeleton crew here, I’m going to be running through some of these questions.

I believe what you are looking for is auth-js and sessionExists:

Hope this helps,
Tom


#4

Tom, thanks for the response! Didn’t mean for my comment to come off as if I was complaining. I really was wondering if I was barking up the wrong tree. I’ll give it a try. Thanks again!

— x


#5

@tom, @nate.barbettini

I’ve got the authClient.session.exists() in place and I think it works. It just always returns false. So basically, the auth app (which redirects to okta) logs in correctly, and then redirects to QV Auth page which contains the session.exists() check. This is the code that performs the redirect:

    public ActionResult Index()
    {
         // Redirect to QV Auth Page
         return Redirect ("http://localhost:8043/");
    }  

Should I be doing some sort of SetCookieAndRedirect() call? I can’t seem to find this call in the Okta SDK for .NET. Why would simply redirecting not pass along the token?

Thanks for your help.

— xavier


#6

@tom, @nate.barbettini

To further test this out, I’ve created an app where the user authenticates through Okta using the ASP.NET middleware. User logs in and correctly gets redirected back to the app. By the way, this is the demo app provided by your web site.

I have further added the javascript API to the same app and added the code you see below to one of the pages. Basically, user presses a button and I invoke the session.exists() method. This is my test of the javascript API (after user logs in through middleware).

I assumed that once the user successfully authenticated, that a token would be present within the session and that the javascript session.exists() method would return true. However, it only returns false. What am I misunderstanding here?

Here is a link to the page I have added the js api to.

https://www.dropbox.com/s/y8ectw1n2xtj1np/Index.cshtml.txt?dl=1

TIA
– xavier