How to access entered email before SSO flow?

I’m using the Okta Sign in Widget to put a widget on a /login page in a Next/React app.

When someone is signing in with SSO, let’s say where there’s a rule for @example.com, they can enter a different email and go through the login process an start a session for any email @example.com. There’s no security issue here, but it’s confusing and we would like to give a user an error if they were to:

  • Enter ABC@example.com in the login box
  • Enter example.com’s SSO flow
  • They login as XYZ@example.com. This succeeds and they have a session that we unpack on the SSO callback page with oktaAuth.token.getWithoutPrompt(); and oktaAuth.tokenManager.setTokens(response.tokens); … the user is now logged in as XYZ@example.com

However, we want to display an error/be able to handle this case, “know” that ABC@example.com value on the app side so that we can do something when these two items mis-match.

Things I’ve looked at but couldn’t see a console.log statement show/see that they fire:

  • preSubmit on the widget, to see if I could save something there. I don’t see that firing
  • signin.after (‘identify’) or ‘before-success’ hooks, I didn’t see firing

Anyone have insights on this?

Have you tried using transformUsername to retrieve the value provided by the user during login?

1 Like

I have not tried that yet! Thank you.