I’m using the Okta Sign in Widget to put a widget on a /login page in a Next/React app.
When someone is signing in with SSO, let’s say where there’s a rule for @example.com, they can enter a different email and go through the login process and start a session for any email @example.com. There’s no security issue here, but it’s confusing and we would like to give a user an error if they were to:
- Enter ABC@example.com in the login box
- Enter example.com’s SSO flow
- They log in as XYZ@example.com. This succeeds and they have a session that we unpack on the SSO callback page with oktaAuth.token.getWithoutPrompt(); and oktaAuth.tokenManager.setTokens(response.tokens); … the user is now logged in as XYZ@example.com
However, we want to display an error/be able to handle this case, “know” that ABC@example.com value on the app side so that we can do something when these two items mismatch.
Things I’ve looked at but couldn’t see a console.log statement show/see that they fire:
- preSubmit on the widget, to see if I could save something there. I don’t see that firing
- signin.after (‘identify’) or ‘before-success’ hooks, I didn’t see firing
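
The mismatch check described above, as an added example that is not part of the original post and is not Okta's code. It assumes the app has some way to read the typed email on /login (not shown), that the ID token claims are available as `response.tokens.idToken.claims`, and that the `email` or `preferred_username` claim is present; every function name and the storage key are hypothetical.

```javascript
// Hypothetical names throughout; none of these are Okta SDK functions.
const ENTERED_LOGIN_KEY = 'entered_login';

// Trim and lower-case so "ABC@example.com " and "abc@example.com" compare equal.
function normalize(value) {
  return typeof value === 'string' ? value.trim().toLowerCase() : '';
}

// On /login: store what the user typed before the SSO redirect.
// `storage` is anything with the Web Storage interface, e.g. sessionStorage.
function rememberEnteredLogin(storage, entered) {
  storage.setItem(ENTERED_LOGIN_KEY, normalize(entered));
}

// On the callback page: compare the stored value with the ID token claims.
function checkSignedInIdentity(storage, claims) {
  const entered = storage.getItem(ENTERED_LOGIN_KEY) || '';
  storage.removeItem(ENTERED_LOGIN_KEY); // single use, so a stale value never lingers
  const c = claims || {};
  const identities = [c.email, c.preferred_username].map(normalize).filter(Boolean);
  const signedInAs = identities[0] || '';
  if (!entered) return { status: 'unknown', entered, signedInAs };
  if (identities.length === 0) return { status: 'no-claims', entered, signedInAs };
  const status = identities.includes(entered) ? 'match' : 'mismatch';
  return { status, entered, signedInAs };
}

// In-memory stand-in for sessionStorage so the example runs under Node.
function memoryStorage() {
  const items = new Map();
  return {
    getItem: (key) => (items.has(key) ? items.get(key) : null),
    setItem: (key, value) => { items.set(key, String(value)); },
    removeItem: (key) => { items.delete(key); },
  };
}

// Constructed sample values mirroring the scenario in the post.
const demoStorage = memoryStorage();
rememberEnteredLogin(demoStorage, ' ABC@example.com ');
const demoResult = checkSignedInIdentity(demoStorage, { email: 'XYZ@example.com' });
console.log(demoResult);
```

In the browser, `window.sessionStorage` would replace `memoryStorage()`. The result only drives what the app displays; the session itself is still whatever the identity provider issued.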