I have an application that uses the Implicit Flow for authentication via the oktaSignIn widget. I’ve followed the tutorial here, and everything works as expected.
However, if the user creates a session in another application, then navigates to my application, I’m able to use the oktaSignIn widget to verify a session exists, but I can’t seem to find a way to use the oktaSignIn widget to get tokens either from the session or otherwise without logging in. In fact, the oktaSignIn widget even provides this function:
showSignInToGetTokens
I have a workaround, I’m verifying the session using the oktaSignIn widget as in the example, then using the Okta Auth JavaScript SDK to get get tokens using getWithoutPrompt:
authClient.token.getWithoutPrompt({
responseType: 'id_token', // or array of types
sessionToken: 'testSessionToken' // optional if the user has an existing Okta session
})
.then(function(tokenOrTokens) {
// manage token or tokens
})
.catch(function(err) {
// handle OAuthError
});
My question is this: Is my technique the best option? is there a way to do this solely within the oktaSignIn widget?