You can use the Sessions endpoint to confirm the presence of this session (GET /api/v1/sessions/me), which can be completed as a CORS request (note that you might run into issues calling this from your application in a browser that blocks third party cookies). As this is a front-end only call, there is no .NET code I can provide you, but here is a sample Fetch request:
fetch('https://{{oktaDomain}}/api/v1/sessions/me', {credentials: "include"})
.then((response) => {
return response.json();
})
.then((data) => {
console.log(data);
alert(JSON.stringify(data));
});
If you do run into third party cookies, you will need to redirect back to Okta to confirm the session exists (this is how you would complete SSO into a second application anyway). There’s not really a deliberate endpoint for this, only that SSO would work or, if the user access the Okta domain, they should be sent into the dashboard directly without being prompted to auth.