Electron: Best Practices for Sessions w/ Okta SDKs

Hello and Happy New Year!

I’m referencing this recent article about using the okta-auth-js SDK in an Electron app. In the article, all of the interaction with the Okta SDK is done only on the backend main process, which is great from a security standpoint.

The article does not mention the session API, however - just basic sign in and sign out. It looks like, according to the documentation here, that


should not work in the main process, and it does not. It throws the following error when called:

ReferenceError: window is not defined
    at setCookieAndRedirect (webpack:///./node_modules/@okta/okta-auth-js/esm/session.js?:80:32)
    at IpcMainImpl.eval (webpack:///./src/main/index.ts?:103:32)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)

This makes sense because there is no window to reference in the main process. This seems to relate to this issue: Sign-In Widget doesn't work with a server-rendered JS framework · Issue #295 · okta/okta-signin-widget · GitHub

So, what is the current best practice for interacting with the Okta session API on the main process of an Electron app? Will using the IDX API instead of the authn API solve this issue? (code example here) Or do I need to look at the Node.js SDK?

For our use case, we would like to be able to persist a session to a user’s appData directory (via localStorage or something like that), so we have something to reference when the user quits and restarts the app. We would then refresh the session as necessary or when the token expires.

Thank you!