How to handle OIDC redirect, after authentication success via federated IDP in okta-signin-widget

We are using a self-hosted version of okta-signin-widget. When a user navigates to the GET /authorize URL, Okta redirects the user to our hosted sign-in widget, adding a statetoken argument. The hosted widget then uses webfinger to detect the user email and redirects to the federated IDP. My question is: how do we continue step-up authentication using this statetoken?

Notes:

  1. For non-federated users, that is, Okta users, after authentication we call the result.stepUp.finish() function, which we get in the success callback when calling the signIn.renderEl() function. Is there a way to call the stepup() function for federated users?
  2. We tried to call the redirect URL directly, adding the statetoken base64-decoded, but we get a 4xx Forbidden error: https:///login/step-up/redirect?stateToken=00SQUms6NunRbXXXXXXXXXXXXStRRyC0boZH
  3. I also tried to redirect to our hosted sign-in widget and successfully got an Okta session. Now, how do we tell the widget to do stepup.finish() as in the case of non-federated users?

Any findings here, please?