We have a WPF desktop application that has a dialog with WebBrowser control that is used to authenticate the user, the sequence is like this:
- Navigate to Okta login page
- Let user enter his/her credentials and click login
- Catch when navigation is completed (and user is authenticated) and grab the cookie of our XXX.oktapreview.com site with InternetGetCookieEx (tried all options with HttpOnly, Third Party and combination)
- Store the cookie in cookies container in memory (replacing “;” with “,” due to incompatibility between output of InternetGetCookieEx and input of CookieContainer.SetCookies.
- Once time comes to renew the token (10 minutes for example), the request is made again with the cookie container and error returned is login_required with description: The client specified not to prompt, but the user is not logged in.
The funniest part is it sometimes works, without any specific change in Internet Explorer or in the code, which makes it even more frustrating.
Anyone stumbled upon such issue by chance?
P.S. I can say that when it works, I see 2 extra cookies: sid and JSESSIONID. When it doesn’t work - those cookies do not present. I couldn’t find any correlation when they are added and when they are not (not related to the checkbox “Save credentials” at all)