I’m trying to load one of my Okta sites in an iframe in another one of my Okta sites. Problem is, the embedded site only loads when I have signed in to it separately beforehand. Otherwise, it gets stuck in a loop where it keeps refreshing over and over, just saying “Loading…”.
Ideally, I’d like a way of signing into the embedded app at the same time as signing in to the app that is embedding it.
When I go to the URL for that app, it does the same but then successfully signs in and loads the page. But when embedded, it gets stuck there, unless I have signed in to the app separately in which case the iframe works fine.
Any suggestions on what I might not have configured properly?
I’m not sure that response_mode=form_post will work within an iFrame.
You may want to look to use okta_post_message instead, which our docsdo mention should work within an iframe:
okta_post_message - Uses HTML5 Web Messaging (for example, window.postMessage()) instead of the redirect for the authorization response from the /authorize endpoint.
okta_post_message is an adaptation of the Web Message Response Mode. This value provides a secure way for a single-page application to perform a sign-in flow in a pop-up window or an iFrame and receive the ID token, access token, and/or authorization code back in the parent page without leaving the context of that page. The data object for the postMessage call is in the next section.