I have an app (App A - appa.companyname.com) that is a react app using the Okta Sign In Widget.
I have another app (App B - appb.companyname.com) that is using OpenID Connect.
I am using a custom domain for my auth server which is not the same as my apps domain ( auth.somedomain.com).
Logging into both of the apps works fine in a browser tab.
However, when I embed App B into App A, I get an 403 error when trying to execute the sign in flow.
I have enabled the Iframe Embedding option.
Are there any ideas on how I can achieve a seamless sign on experience?
Which Okta endpoint are you seeing a 403 error for?
I’m seeing an error on the appB.companyname.com/redirect_uri?code= endpoint. The browser blocks the cookie from being set due to the attribute of it being SameSite=Lax and it does not have a Secure flag present.
You’re receiving an authorization code as well right? If yes, sounds like the user was authenticated successfully and now your app needs to handle exchanging the code for tokens. Is the cookie that’s being blocked being set/used by your app?
Yep. The cookie is being blocked by the browser from being set. Is there a way to ensure that it doesnt get blocked?