We are planning to implement an Embedded Sign-In Flow for our website which is on OIE, and we see that Okta supports two primary approaches:
- Okta Sign-In Widget (SIW)
- Okta AuthJS
Because we have significant customization requirements—including MFA enrollment, MFA verification, and password recovery (forgot password)—we are evaluating which option fits best.
Using the Sign-In Widget would require us to implement substantial custom JavaScript and CSS to override styles and modify behaviors used by Okta during the sign‑in flow. Since we do not fully control Okta’s DOM structure or styling, this introduces risk and maintenance overhead. As a result, we are considering using AuthJS directly, which may help us avoid dependency on SIW versions and the form/UI markup it generates.
We also noticed that the last AuthJS release was in November 2025, which raises concerns about ongoing development activity. We understand that the Sign-In Widget is essentially a wrapper on top of Okta AuthJS, so AuthJS is part of the core authentication stack.
Given all this, we have a few key questions:
- Are there any security risks or concerns with using AuthJS directly?
- Is Okta AuthJS still supported going forward?
- If we choose AuthJS instead of SIW, do we lose any features—for example, Okta-hosted email flows functionality?