Hello Andre,
Typically there are two ways to do this.
- If your SPA application is running in the same domain as your Okta domain (assuming you are using a custom domain URL in your Okta Org), then you can use the sessions API in auth-js. Using this API you can check if a session exists and only do an /authorize call if so. The reason you need to run in the same domain/parent domain is the API relies on 3rd party cookies.
- Do an /authorize call as you currently are but provide the param
prompt=none. This will cause Okta to redirect the user back to the redirectURI if a session does not exist which you can handle by presenting your custom login page.
Thank You,