I am using redirect model in my angular app to authenticate against OKTA.
following Sign users in to your SPA using the redirect model | Okta Developer.
How should I get session ID ?
I dont have any backend.
Just curious, why do you need a session ID?
I need to pass it to another application.
They would like to track user actions as per session.
Your app could make a CORS request to /api/v1/sessions/me to get the id back, but that can fail in browsers blocking third party cookies.
If you are using a custom authorization server (such as default), you could use a token inline hook to store the session ID within the user’s tokens, as described over here: Validate access token is linked to Okta session - #2 by andrea
Note that if the application uses refresh tokens to keep the user logged in, I believe the session ID will disappear from the payload sent to your hook endpoint, as the Okta session has become divorced from the application session (aka, the presence of an Okta session was not necessary to keep the user logged in via the refresh token).
In the end, tying user actions in your app to their Okta session ID may not be a good fit because of this disconnect.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.