How to get sessionToken From Sign-in widget

Hi,
I would like your help on getting sessionToken from Sign in widget.
My use case is:
I wanted to perform some actions for users by using the users endpoints given by Okta, so I need to mint an OAuth token from the organization authorization server, in which I can get API scopes like “okta.user.read” or “okta.user.manage”. I know I can use the organization token (api_token), but I don’t want to use it. I want to use an access token minted from the organization authorization server.
My problem is that I’m using a single-page application and the Okta Sign-in widget for this. This flow is required for my application.
I just need to get either the username and password that have been filled in by the user in the Sign-in widget, to perform the authorization flow for getting the organization authorization token to call my Okta users APIs,
or the “SessionToken” of the user that is signing into my application through the Sign-in widget, so I can perform the authorization request at the back end to get the access token.

Guide me on how to get either “username and password” or “SessionToken” from the Sign-in widget.

Thanks
Hasnain Haider

Have you tried using one of the OIDC specific login methods for the widget: showSignInAndRedirect or showSignInToGetTokens? They will handle both the primary auth (username/password) AND initiating oauth flow for you.

Can you please elaborate on this a little? I’m using showSignInToGetTokens and it will get the “access Token” and “id Token”.
Can you explain how to get the username and password out of it, or the “sessionToken” from the authentication response?
My requirement is to get the sessionToken out of the current OIDC flow which is carried out by the Okta Sign-in widget.
The reason I want the sessionToken is to get an access token, minted from the org authorization server, to use it for the “okta.user.manage” scope.

You don’t, that method handles all the calls for you and grants you tokens so that you don’t have to interact with the username/password directly. The widget will use the username/password supplied to complete primary authentication and then initiate an OAuth call to get tokens.

Have you set the issuer for the widget to your okta domain, https://org.okta.com, so that the Org Authorization Server is used to mint the token, and added “okta.user.manage” as a scope?

Thank you for your response @andrea
I need to use the Custom Authorization Server because of the flow of my web application. My Custom Authorization Server has a few claims in it that will decide user routes in my application, like admin or user roles.
So I cannot change my issuer in “authParams”, as I need the Custom Authorization Server for my application.

In my application I’m using Okta user management (users who are assigned to my application). For this purpose I need an access token from the Org Authorization Server.

One way is to get the username and password to pass from the Sign-in widget to my back end, which is not possible according to my research and your answer.
The only thing left is to get the “sessionToken” out of the current flow and send it to the back end for the Org Authorization Server flow.
Help me with how to get the sessionToken value from the current auth flow.
Thanks

The session token that the widget gets will be used to get tokens from the custom authorization server and these tokens are only valid for one use.

Further, our SDKs are not designed (at least at this writing) to support storing two sets of tokens from different authorization servers, so you may face some difficulties with them. Most likely what you will need to do is:

  1. Use the widget to log in and get tokens from the Custom Authorization Server
  2. After the user is redirected back with the token, request a second set of tokens from the Org Authorization Server (you can use an AuthJS method like getWithoutPrompt or getWithRedirect to initiate the second OAuth flow) and store them separately (you will need to set a different storageKey so that you don’t overwrite the tokens that you got back from the custom AS).
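
A sketch of step 2 above, added here as an example; it is not code from the thread or from Okta. The `OktaAuth` class is passed in by the caller (in an app: `import { OktaAuth } from '@okta/okta-auth-js'`), and the function names and the `ORG_STORAGE_KEY` value are assumptions made for illustration.

```javascript
// Second OAuth flow against the Org Authorization Server, kept apart from
// the tokens the widget obtained from the Custom Authorization Server.

// Assumed name; it only has to differ from the AuthJS default
// ('okta-token-storage') so the custom-AS tokens are not overwritten.
const ORG_STORAGE_KEY = 'okta-org-token-storage';

// The Org Authorization Server issuer is the bare Okta domain, so drop the
// /oauth2/{id} path that a Custom Authorization Server issuer carries.
function orgIssuerFrom(customIssuer) {
  const url = new URL(customIssuer);
  if (url.protocol !== 'https:') throw new Error('issuer must be https');
  return url.origin;
}

// Build a second AuthJS client that shares clientId/redirectUri with the
// widget but points at the org issuer and its own token storage.
function buildOrgClient(OktaAuth, { customIssuer, clientId, redirectUri, scopes }) {
  return new OktaAuth({
    issuer: orgIssuerFrom(customIssuer),
    clientId,
    redirectUri,
    scopes,
    tokenManager: { storageKey: ORG_STORAGE_KEY },
  });
}

// Run after the widget login has completed. getWithoutPrompt sends
// prompt=none, so it relies on the Okta session that login created.
async function fetchOrgTokens(orgClient, scopes) {
  const { tokens } = await orgClient.token.getWithoutPrompt({ scopes });
  // Fail closed: do not store a token that lacks a requested scope.
  const granted = tokens.accessToken ? tokens.accessToken.scopes || [] : [];
  const missing = scopes.filter((s) => !granted.includes(s));
  if (missing.length) throw new Error('scopes not granted: ' + missing.join(', '));
  orgClient.tokenManager.setTokens(tokens);
  return tokens;
}
```

Pass the scopes you need from the org server (the thread names “okta.user.manage”) together with `openid`, and keep using the widget's own client for the Custom Authorization Server tokens that drive routing.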
