Hi,
I want to use the login_hint and id_token_hint parameters as per OIDC standard but didnt understand how it works in real sceanrio.
Have any real use case?
Thanks
Alin
Hi,
I want to use the login_hint and id_token_hint parameters as per OIDC standard but didnt understand how it works in real sceanrio.
Have any real use case?
Thanks
Alin
Hi @alin:
Both of the params you mentioned solve different use cases, but here is a simple example for why you’d want to use them:
login_hint
to pre-populate Okta’s login form with a user email address. This provides one less input step for the end-user, as they’ll only need to input their password./logout
endpoint requires an id_token_hint
(mapped to your identity token) parameter to locate the user. This is endpoint is commonly used after a token has expired and/or a user has requested to logout of an application.Further, the OpenID Connect Core specification is incredibly helpful, and goes into significantly more detail.
Hope this helps!
Hi jmelberg,
thank you so much the reply and much appreciated. Now customer is asking to use login_hint=pairwise, so my question is how is pre populate this value into user login page when this value is encrypted?
Appreciate your help.
Thanks
Alin
Hi @alin,
If you’re using a Custom Hosted Login Page, you can use the processCreds
function to decrypt the username
before passing it to Okta. Note that the username
field will still contain the encrypted username
value, which may confuse users.
const signIn = new OktaSignIn({
...
processCreds: (creds) => {
console.log(creds.username);
// ENCRYPTED_USERNAME
console.log(creds.password);
// User's injected password
}
});
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.