Hi
They are not stored in any repository, session, or cookies.
In sessionStorage I can see referrerPath and okta-transaction-storage.
In Cookies storage I can see okta-oauth-state, okta-oauth-nonce and okta-oauth-redirect-params.
Yesterday I ran a new test. This time, instead of connecting to my company Okta portal, I connected the app to a Developer Okta portal. In this test I only added callback and logout URIs and also trusted origins.
I got the same results as in my previous test. Looking at the System Logs in the Okta portal, I can see some differences depending on whether I connected from localhost or from the https URL of our integration server.
The next table (copied from an Excel sheet) shows the different scenarios and the logs I got:

| Scenario | Severity | Event type | Description |
|---|---|---|---|
| sign in from localhost | INFO | app.oauth2.as.token.grant.id_token | OAuth2 id token is granted |
| | INFO | user.authentication.sso | User single sign on to app |
| | INFO | user.session.start | User login to Okta |
| | INFO | app.oauth2.as.authorize.code | OAuth2 authorization code request |
| | INFO | app.oauth2.as.token.grant.access_token | OAuth2 access token is granted |
| | INFO | policy.evaluate_sign_on | Evaluation of sign-on policy |
| | INFO | user.authentication.verify | Verify user identity |
| logout from localhost | INFO | user.session.end | User logout from Okta |
| | INFO | app.oauth2.as.token.revoke | OAuth2 token revocation request |
| sign in from integration server (https) | INFO | app.oauth2.as.authorize.code | OAuth2 authorization code request |
| | INFO | policy.evaluate_sign_on | Evaluation of sign-on policy |
| | INFO | user.authentication.verify | Verify user identity |
| | INFO | app.oauth2.as.authorize.code | OAuth2 authorization code request |
| | INFO | user.session.start | User login to Okta |
| logout from integration server (https) | INFO | user.session.end | User logout from Okta |

Thanks,
Javier