Problems with securing a page with Okta

We’re trying to secure pages in our CMS.

I have a test page here:
https://my.uiw.edu/ird/okta.html

I followed the tutorial on this page:

The problem is some users already logged in through Okta, but then they have to login again. Do you know how to circumvent this? I think this is because I’m using it from the API and it might see it as another session. The thing is when I logout of Okta the session clears in the webpage as well.

Also, after login we get a 400 error, but if we go back to the page it says they have now logged in. How could I prevent this as well? I think this is because of the URI and I’m not to sure what to put in that field.

Hi @lvigil

The easiest solution would be to have an initial cors request to uiw-edu.okta.com/api/v1/sessions/me to check if there is an active session present in Okta and, if yes, redirect the user to the authorization endpoint to retrieve the JWT tokens, otherwise display the sign-in widget.

You can find here more details on how to set up CORS for your Okta tenant.