The problem is some users already logged in through Okta, but then they have to log in again. Do you know how to circumvent this? I think this is because I'm using it from the API and it might see it as another session. The thing is when I log out of Okta the session clears in the webpage as well.
Also, after login we get a 400 error, but if we go back to the page it says they have now logged in. How could I prevent this as well? I think this is because of the URI and I'm not too sure what to put in that field.
The easiest solution would be to have an initial CORS request to uiw-edu.okta.com/api/v1/sessions/me to check if there is an active session present in Okta and, if yes, redirect the user to the authorization endpoint to retrieve the JWT tokens, otherwise display the sign-in widget.
You can find here more details on how to set up CORS for your Okta tenant.
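
The session check described in the answer above, sketched as an added example that is not part of the original thread or Okta's own code. The client ID, redirect URI, the `/oauth2/v1/authorize` path (org authorization server) and the use of the authorization code flow with a caller-supplied PKCE challenge are assumptions; `state`, `nonce` and `codeChallenge` are expected to be generated randomly per attempt by the caller.

```javascript
// Added example. The Okta origin is the one named in the thread; the client ID,
// redirect URI and the org authorization server path are assumptions.
const OKTA_ORIGIN = 'https://uiw-edu.okta.com';

function buildAuthorizeUrl({ clientId, redirectUri, state, nonce, codeChallenge }) {
  const url = new URL('/oauth2/v1/authorize', OKTA_ORIGIN);
  url.search = new URLSearchParams({
    client_id: clientId,
    response_type: 'code',
    scope: 'openid profile',
    redirect_uri: redirectUri, // must exactly match a redirect URI registered on the app
    state,                     // compare with the stored value when the callback arrives
    nonce,                     // compare with the nonce claim in the ID token
    code_challenge: codeChallenge,
    code_challenge_method: 'S256',
  }).toString();
  return url.toString();
}

// Returns { action: 'redirect', url } when Okta reports an active session,
// otherwise { action: 'widget', reason } so the caller renders the sign-in widget.
async function chooseSignInPath(cfg, fetchFn = fetch) {
  let res;
  try {
    res = await fetchFn(`${OKTA_ORIGIN}/api/v1/sessions/me`, {
      credentials: 'include', // send the Okta session cookie on the cross-origin call
      headers: { Accept: 'application/json' },
    });
  } catch (err) {
    // Network error, or the page origin is not allowed for CORS on the tenant.
    return { action: 'widget', reason: 'session-check-failed' };
  }
  if (res.status === 404) return { action: 'widget', reason: 'no-session' };
  if (!res.ok) return { action: 'widget', reason: `http-${res.status}` };
  const session = await res.json();
  if (session.status !== 'ACTIVE') return { action: 'widget', reason: 'session-not-active' };
  return { action: 'redirect', url: buildAuthorizeUrl(cfg) };
}
```

Every failure path falls back to the widget, so a blocked CORS call or an expired session never leaves the user on a dead page.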