One of our major wish-list items (requirements) is to have a single login page for all our applications.
Actually, we don’t want to create a login page for any of our applications. Whenever a user navigates to one of our applications and we find there is no active session, we would like to redirect that user to something like “company.okta.com/appid/”.
I was able to make some progress in one of the SPA apps I have.
- In the “Login Initiated by” dropdown I selected “Either Okta or App”
- Then in the “Login Flow” I chose “Send ID Token directly to app (Okta simplified)”.
All logins get redirected to the URL https://company.oktapreview.com/home/oidc_client/0oajt35pfdGKfssfs7/aln5z7uhksdvge7bMy0g7
After a successful login on the URL above, it redirects back to the App Redirect URL by HTTP POST. But I was expecting an HTTP GET with the ID Token & Access Token appended to the URL, like the usual implicit flow. This does not seem to happen.
So we would like some help to figure out how to get the Access Token back.