Okta Authentication api /api/v1/authn password is visible as plain text

I have implemented Okta login in my application. We used the Okta login widget for login. It calls the '/api/v1/authn' API to log in as follows:

{
  "username": "{{username}}",
  "password": "{{password}}",
  "options": {
    "multiOptionalFactorEnroll": true,
    "warnBeforePasswordExpired": true
  }
}

Here, the password I sent is visible in the Chrome Developer Tools network tab. Is there any way to send it securely?

Hi there. This is actually a working function of the browser. You should notice this happening on any site you log in to - not just Okta. Rest assured that information never leaves the browser; it will leave the browser hashed and encrypted (as long as you are connected over HTTPS).

Hi Cale/Bhushan,

We are also facing the same concern from the business team. Is there any way we can encrypt this in the Chrome browser? We set up the application with trust using the SAML 2.0 protocol.

The application will redirect to the Okta login page, and in the Okta IdP, when we enter the user ID and password and press F12 or inspect in the Chrome browser, we can see the user ID and password in plain text.

Thanks and Regards
Zameer Ahamad

On my server, I enabled debug logging and I saw that the passwords were visible. I have different customers who use my HTTPS service with Okta, and when they log in to my hosted service, I as an admin can clearly see the passwords of all my users. This is not just an issue at the browser level.
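
For the server-side debug-log exposure described in the last post, one mitigation is to mask credential fields before a log record is written. The sketch below is an added example, not code from the thread or from Okta; it assumes a Python service using the standard `logging` module, and every key name other than `password` is an assumption.

```python
import json
import logging
import re

# Assumed key names; "password" is the field in the /api/v1/authn body above.
SENSITIVE_KEYS = {"password", "oldpassword", "newpassword", "passcode"}
MASK = "[REDACTED]"

# Fallback for lines that are not pure JSON (prefixed or truncated bodies).
# The closing quote is optional so a cut-off value is still masked.
_PAIR_RE = re.compile(
    r'("(?:%s)"\s*:\s*)"(?:[^"\\]|\\.)*"?' % "|".join(SENSITIVE_KEYS),
    re.IGNORECASE)


def _scrub(node):
    """Return a copy of a parsed JSON value with sensitive values masked."""
    if isinstance(node, dict):
        return {k: MASK if k.lower() in SENSITIVE_KEYS else _scrub(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [_scrub(v) for v in node]
    return node


def redact(text):
    """Mask credentials in a logged request body or log line."""
    try:
        return json.dumps(_scrub(json.loads(text)))
    except ValueError:  # not valid JSON on its own: pattern-match instead
        return _PAIR_RE.sub(lambda m: m.group(1) + '"' + MASK + '"', text)


class RedactingFilter(logging.Filter):
    """Rewrite each record before the handler formats it."""
    def filter(self, record):
        record.msg, record.args = redact(record.getMessage()), ()
        return True


if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.addFilter(RedactingFilter())  # attach to every handler in use
    log = logging.getLogger("authn-demo")
    log.addHandler(handler)
    log.setLevel(logging.DEBUG)
    # Constructed sample line, not real traffic.
    log.debug('POST /api/v1/authn body={"username":"alice","password":"hunter2"}')
```

Attach the filter to handlers rather than to a single logger, since logger-level filters do not see records propagated from child loggers. Leaving request-body logging off for authentication endpoints avoids the exposure in the first place.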