OKTA Self-Hosted for Signin information and/or Widget for Validation

Hi all,

I have a question I have a web site that is an aspx web forms - not MVC. There are some users of the site that will use OKTA and some that will not. Basically, general public will not and will just use a web site sign-in on a login page. The others using OKTA will use a different login page. Once they login we need it to return specific information like the email address and like the token or some id that we can use. The one using the OKTA is where this question comes about. one question is how do we get it to return the information needed? They may be on the site for a while and there are times when asynchronously it needs to check to see if they are still login into OKTA.

The question is should I use like in the examples - the self-hosted I was able to get working. I presume it’s the information in the profile like the email address. So asynchronously having it go out and check to see if they are still logged in would that be the widget use and what information from the profile is used/can be used?

On the widget sample use when I attempt a login, I keep getting "unauthorized_client (400, The client is not authorized to use the provided grant type. Configured grant type: [implicit, client_credentials, authorization_code, refersh_token].) I have the YAML file with the information what it mentions in the example.

On the developer dashboard, under the app, I have the Grant Type of the client credentials and authorization code checked so I am not sure what other grant type or how to enable that. I am not sure what is going on there.

Does anybody have any information on those questions especially with the widget or asynch validation call?

Any information here would be greatly appreciated.



Hi, Marc. To check if there is an active session, you can make a call to the /sessions/me API endpoint.

As for the error you are receiving with the widget sample, are you using a custom authorization server or the org authorization server? Could you please share the widget sample you used?

1 Like


Thanks for the information. It’s very vague though because like in the first “Request Example” other than the ${yourOktaDomain} when are the bold items coming from?

curl -v -X POST \

-H “Accept: application/json” \

-H “Content-Type: application/json” \

-H “User-Agent: Mozilla/5.0 (${systemInformation}) ${platform} (${platformDetails}) ${extensions}” \

-d '{

“sessionToken”: “00HiohZYpJgMSHwmL9TQy7RRzuY-q9soKp1SPmYYow”

}’ https://${yourOktaDomain}/api/v1/sessions

The same types of questions plague the rest of the same that are were in that link too.

With respect to “…are you using a custom authorization server or the org authorization server” I am using whatever server that came with the OKTA Developer (if there even is one.)

See where some of my dilemma is? The web sites and documentation do not make things very clear in my opinion.

Please let me know on some of the questions I am asking about if you know or direct my to one that can, please.

Thanks and appreciate it.