I’m building a single-page app using the Okta Sign-in Widget. But there’s a problem: The widget always adds a redirect_uri parameter even though redirecting is undesirable behavior. (The user may already have navigated somewhere in the app, such as #/systems, where they should remain after logging in.) However, it looks like we HAVE to provide a redirect_url or we get an error that the redirect_url parameter is invalid. What should I do?
Never mind. The redirect_uri doesn’t seem to do anything after all.
The Okta Sign-In Widget uses an extension we made to OAuth to use a hidden iframe with Web Messaging (postMessage) to return OAuth responses instead of page redirects. The redirect_uri is needed to whitelist the parent page of the widget for the postMessage.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.