Sign in Widget PIV redirecting only to okta homepage

Background info

We are using PIV card IDP with the piv configuration options. We are able to successfully sign in using the PIV Card, but it always is redirecting to the /app/UserHome

Expected behavior

Should redirect back to web application (http://localhost:3000/login/callback)

Steps to reproduce

const widgetRef = useRef();

useEffect(() => {
  if (!widgetRef.current) {
    return false;
  }
  console.log(config.oidc.redirectUri);
  const { issuer, clientId, scopes } = config.oidc;
  const widget = new OktaSignIn({
    baseUrl: issuer.split('/oauth2')[0],
    redirectUri: config.oidc.redirectUri,
    clientId,
    logo: '/react.svg',
    i18n: {
      en: {
        'primaryauth.title': 'Sign in to React & Company',
      },
    },
    authParams: {
      issuer,
      scopes,
      display: 'page',
      pkce: false,
    // responseType: 'id_token',
    },
    features: {
      idpDiscovery: true,
    },
    idpDiscovery: {
      requestContext: window.location.href,
    },
    piv: {
      certAuthUrl: 'https://dev-72405853.mtls.okta.com/api/internal/v1/authn/cert',
      text: 'Authenticate with a Smart Card',
      className: 'custom-style',
      isCustomDomain: false,
    },
    useInteractionCodeFlow: false, // Set to true, if your org is OIE enabled
  });
  widget.renderEl(
    { el: widgetRef.current },
    (res) => {
      // NEVER REACHES HERE
      // oktaAuth.handleLoginRedirect(res.tokens);
      if (res.status === 'IDP_DISCOVERY') {
        res.idpDiscovery.redirectToIdp();
      }
    },
    (err) => {
      throw err;
    },
  ).then((res) => {
    if (res.status === 'SUCCESS') {
    // user is authenticated
      console.log('user is authenticated', res.user);
    }
  });

Your environment

  • Okta Sign-In Widget Version: ^5.8.4
  • Browser: Chrome
  • OS: Windows 10
  • Language: EN

What you’re describing sounds like expected behavior: when logging in via an external IdP (such as PIV), the widget is only designed to redirect you to the Okta dashboard.

Do you see the requestContext you’re setting passed to Okta during authentication?

Have you looked into the Default App for Sign In Widget option to redirect the user somewhere specific after login (instead of the end-user dashboard).