Failed to execute ‘postMessage’ on ‘DOMWindow’: The target origin provided (‘https://xyz.abc.com’) does not match the recipient window’s origin https://org.abc.com
Has anyone faced something similar? Please let me know why it’s not working with okta_post_message.
When using okta_post_message, it is expected/required that the domain making the /authorize redirect should match the one that will receive the authorization code, aka the redirect_uri; see our docs for reference:
okta_post_message is an adaptation of the Web Message Response Mode. This value provides a secure way for a single-page application to perform a sign-in flow in a pop-up window or an iFrame and receive the ID token, access token, and/or authorization code back in the parent page without leaving the context of that page. The data object for the postMessage call is in the next section.
Note: The value of the targetOrigin parameter for postMessage() specifies what the origin of parentWindow must be for the event to be dispatched (this is enforced by the browser). The okta_post_message response mode always uses the origin from the redirect_uri specified by the client. This is crucial to prevent the sensitive token data from being exposed to a malicious site.
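The origin rule described in the reply above, as an added example that is not part of the original posts or of Okta's code: a pre-flight check that compares the redirect_uri origin with the parent page's origin, plus a message listener that only accepts the expected sender. The `/callback` path, the `https://example.okta.com` issuer origin and all function names are assumptions made for illustration.

```javascript
// Added example; URLs are constructed from the error message in the thread.

// Origin (scheme + host + port) as the browser compares it for postMessage().
function originOf(url) {
  return new URL(url).origin;
}

// Run in the parent page before opening the popup or iframe.
// okta_post_message posts to the origin of redirect_uri, so the parent page
// must be served from that same origin or the browser drops the message.
function checkRedirectOrigin(redirectUri, parentUrl) {
  const targetOrigin = originOf(redirectUri);
  const parentOrigin = originOf(parentUrl);
  // Opaque origins (file:, data:) serialize to "null" and can never match.
  const ok = targetOrigin !== 'null' && targetOrigin === parentOrigin;
  return { ok, targetOrigin, parentOrigin };
}

// Receiving side: hand the payload on only when it comes from the expected
// authorization server origin (placeholder value supplied by the caller).
function makeMessageHandler(expectedSenderOrigin, onResponse) {
  const expected = originOf(expectedSenderOrigin);
  return function handler(event) {
    if (event.origin !== expected) return false; // ignore other senders
    onResponse(event.data);
    return true;
  };
}

// Browser usage (assumed wiring):
//   const check = checkRedirectOrigin(redirectUri, window.location.href);
//   if (!check.ok) throw new Error(`redirect_uri origin ${check.targetOrigin} ` +
//     `does not match page origin ${check.parentOrigin}`);
//   window.addEventListener('message',
//     makeMessageHandler('https://example.okta.com', handleAuthResponse));
```

With the values from the error above, the check fails because the page runs on `https://org.abc.com` while the redirect_uri points at `https://xyz.abc.com`.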