Setup SSO flow for two OIDC App Integration

I am working on POC on SSO between two SPA app integrations.

I have set up two apps (MySPAone and MySPAtwo) using embedded okta-auth-js SDK (Auth + PKCE flow). I am able to log in successfully and saved access/id/refresh token in local storage for both.

Both are on localhost but have different ports.
E.g. MySPAone - localhost:8080, MySPAtwo - localhost:8081

How do I allow access to MySPAtwo after successfully logging in to MySPAone without prompting users to enter their credentials?

I have tried to redirect to /authorize with the parameter “prompt=none” but I am getting the error that the client is not logged in.

I read about setting sessionToken for /authorize flow but sessionToken can only be used once. To retrieve a new sessionToken, we can use the Authentication | Okta Developer but that means users will need to enter their username and password.

Kindly advise what needs to be done to connect both of the apps with the same authentication. Thank you.

I have managed to perform SSO login between two OIDC SPA app, but I am not sure if it is correct.

Workflow as follows:

  1. Users perform login in web 1.
  2. Web 1 will need to keep access token and id token in browser session.
  3. We just need to redirect to web 2 after clicking on a link from web 1 or simply enter the URL on the same browser.
  4. On web 2 landing page, the program will need to perform checks for the existence of valid okta session and id token on browser session.
  5. If the session is available, web 2 would be able to perform for authentication with Okta based on their client id and retrieved their own set tokens.

But this workflow is very dependent on session cookies of the client browser. Are there any method which is less dependent on session cookies?

Besides that, the link below provide the method for Native SSO but is it also valid for Native-to-SPA SSO workflow too?

Any helps would be great please! :smiley:

Regards,
Nick