How to handle OIDC redirect, after authentication success via federated IDP in okta-signin-widget

We are using a self-hosted version of okta-signin-widget. When a user navigates to the GET /authorize URL, Okta redirects the user to our hosted sign-in widget, adding a statetoken argument. The hosted widget then uses WebFinger to detect the user's email and redirects to the federated IDP. My question is: how do we continue step-up authentication using this statetoken?


  1. For non-federated users, that is, Okta users, after authentication we call the result.stepUp.finish() function, which we get in the success callback when calling the signIn.renderEl() function. Is there a way to call the stepup() function for federated users?
  2. We tried to call the redirect URL directly, adding the base64-decoded statetoken, but we get a 4xx Forbidden error: https:///login/step-up/redirect?stateToken=00SQUms6NunRbXXXXXXXXXXXXStRRyC0boZH
  3. I also tried to redirect to our hosted sign-in widget and successfully got an Okta session. Now, how do I tell the widget to do stepup.finish() as in the case of non-federated users?

Any findings here, please?