I’ve also tried the example here Okta Authentication Quickstart Guides | Okta Developer
with the widget but it doesn’t seem to work on a fresh mvc site. Is it because the example is for web api? if so how would I go about changing it to work?
We have examples for building a custom login page with other languages (e.g. node-express) but we haven’t built that example for aspnet yet. It’s on our backlog to work on soon.
Here is how you can do it, at a high level:
Create a login page in your app that uses the Sign-in Widget to log the user in and get a sessionToken
POST that token to a route in your MVC application
Challenge the OpenID Connect authentication handler and pass a custom parameter: sessionToken=${value}
The user’s browser will be redirected to Okta, but the active session will cause Okta to immediately redirect back (instead of displaying the Okta-hosted login page)
The rest of the OpenID Connect flow continues as normal and your app gets access + ID tokens
We’ll produce a sample soon that makes this a lot easier to do
Just curious, why do you want the login page in-app?
Hi Nate
Thank you i will try this later. We need to stay in app per client’s requirement. Just as a side note I’m a customer of southern california edison(sce.com) and their login stays on their website but if you use last pass then a pop appears asking if I want to send my credentials to okta. Thought that was interesting.
I’m faced with the same task, where I’m trying to use the login widget with ASP.NET OpenID Connect flow. Any update on a sample project? I’m trying to figure out how to pass the custom parameter (sessionToken) to the OIDC handler in ASP.NET.