Sign in to embedded app

I’m trying to load one of my Okta sites in an iframe in another one of my Okta sites. Problem is, the embedded site only loads when I have signed in to it separately beforehand. Otherwise, it gets stuck in a loop where it keeps refreshing over and over, just saying “Loading…”.

Ideally, I’d like a way of signing into the embedded app at the same time as signing in to the app that is embedding it.

When the embedded app says “Loading…”, it’s trying to load the following page:

When I go to the URL for that app, it does the same but then successfully signs in and loads the page. But when embedded, it gets stuck there, unless I have signed in to the app separately in which case the iframe works fine.

Any suggestions on what I might not have configured properly?

I’m not sure that response_mode=form_post will work within an iFrame.

You may want to look to use okta_post_message instead, which our docs do mention should work within an iframe:

okta_post_message - Uses HTML5 Web Messaging (for example, window.postMessage()) instead of the redirect for the authorization response from the /authorize endpoint.
okta_post_message is an adaptation of the Web Message Response Mode. This value provides a secure way for a single-page application to perform a sign-in flow in a pop-up window or an iFrame and receive the ID token, access token, and/or authorization code back in the parent page without leaving the context of that page. The data object for the postMessage call is in the next section.

Will this only work for a single-page application? The site that I am trying to embed is set up in Okta as a web application.

Is there a guide somewhere on how I can set the response_mode to okta_post_message in my .NET core app?