We are using the Okta Sign-In Widget with OIDC authentication.
The application passes login_hint to prepopulate the username on the login page.
Current behavior:
- login_hint correctly prepopulates the username
- Username field remains editable
Requirement:
- Username should be prefilled
- Username field should be non-editable / disabled
- Preferably achievable via Okta-supported configuration, policy, or feature flag
- Avoid frontend DOM manipulation or custom JavaScript where possible
Question 1 (Configuration support):
Is there any Okta-supported setting, policy, or feature flag
that disables the username field when login_hint is present?
Question 2 (Widget / event-based approach):
We understand that customers sometimes use the Sign-In Widget
event hooks (for example, on/afterRender) to disable the username field
programmatically once it is populated.
Can you confirm:
- Whether disabling the username field via widget lifecycle events
(such as afterRender) is a supported and recommended approach?
- Whether this approach is considered stable across widget upgrades?