I have a Java web app with my own customized logon page. After obtaining the sessionToken by calling the /authn endpoint, I then call /authorize in the following format:
Everything seems fine and I get redirected to my landing page successfully.
However, if I understand the documentation correctly, this should also set a session cookie (I think the cookie name is sid) for the domain “my.oktapreview.com” so that I won’t need to be authenticated again if I try to log on to my.oktapreview.com. Instead, I still get the Okta logon page when trying to access my.oktapreview.com, and on examining the cookies for my.oktapreview.com, I don’t see the “sid” cookie either.
Is this a bug or am I missing something?