I’m building a single-page app using the Okta Sign-in Widget. But there’s a problem: The widget always adds a redirect_uri parameter even though redirecting is undesirable behavior. (The user may already have navigated somewhere in the app, such as #/systems, where they should remain after logging in.) However, it looks like we HAVE to provide a redirect_url or we get an error that the redirect_url parameter is invalid. What should I do?
Never mind. The redirect_uri doesn’t seem to do anything after all.
The Okta Sign-In Widget uses an extension we made to OAuth to use a hidden iframe with Web Messaging (postMessage) to return OAuth responses instead of page redirects. The redirect_uri is needed to whitelist the parent page of the widget for the postMessage.