Okta sign on widget

Hello all,

Has anyone used okta sign-in widget ( okta hosted) in a web application mainly java script based ? I am facing an issue where the login box takes the credentials and also requests to enter MFA - OTP for the applicable user. But after that it just gets stuck and does not redirect me to the applications redirect URI as configured.
Any sample script will be appreciated.

I suspect the redirect code needs to be added to the java script.

I am following the basic java script shared within Okta documentation.

Can you add a link to the Javascript code you are using from Okta’s documentation?

There could be a number of reasons this is happening.

  • To verify you are not using a self hosted widget but rather redirecting to the Okta hosted login page for your Org?
  • If so is this the default login page or a custom login page with a custom URL domain?

So basically I am using the code from the live widget currently. I am looking to understand how does the method showSignInandRedirect will help in my case as I am using Auth Code flow.

Now that i have managed to elliminate error on the java Script by using:
signIn.showSignInAndRedirect({ el: ‘#widget-container’, clientId:’<%= process.env.CLIENT_ID %>’, redirectUri:’<%= process.env.REDIRECT_URI %>’ });

I have not been able to use the sign in due to CORS Error.

I have already added my domain to CORS & Redirect both within Okta API - Trusted Origins
I am not sure what is causing my XHttp Request to fail despite the proper trusted origins.

Error in Chrome :
Access to XMLHttpRequest at ‘https://XXXX.okta.com/api/v1/sessions/me’ from origin ‘https://XXXXX.com’ has been blocked by CORS policy: Request header field x-okta-user-agent-extended is not allowed by Access-Control-Allow-Headers in preflight response.

Below is the script used for login, But the after entering user credentials the login keeps spinning and doesn’t go anywhere

Login screen : after credentials verification-

However , OKTA system logs show that the user is Authenticated and Verified.

My concern is that why the OAuth flow doesnt pick up here on after the authentication completes.

What is the last network call you see when you attempt to login and the widget gets stuck like this? Does it succeed or fail? Anything in the console?