I am working on a POC for SSO between two SPA app integrations.
I have set up two apps (MySPAone and MySPAtwo) using the embedded okta-auth-js SDK (Auth + PKCE flow). I am able to log in successfully and have saved the access/id/refresh tokens in local storage for both.
Both are on localhost but have different ports.
E.g. MySPAone - localhost:8080, MySPAtwo - localhost:8081
How do I allow access to MySPAtwo after successfully logging in to MySPAone without prompting users to enter their credentials?
I have tried to redirect to /authorize with the parameter “prompt=none”, but I am getting the error that the client is not logged in.
I read about setting sessionToken for the /authorize flow, but a sessionToken can only be used once. To retrieve a new sessionToken, we can use the Authentication | Okta Developer, but that means users will need to enter their username and password.
Kindly advise what needs to be done to connect both of the apps with the same authentication. Thank you.