SSO for two web applications (using OIDC): one authenticating using Okta APIs and another using an Okta app

Hi,
We have two web applications (one Java Spring MVC and another SPA).
They both need SSO when the user navigates between them both ways.
The Java Spring MVC web application is authenticating using Okta APIs (/api/v1/authn/).
And we have created an Okta OIDC app for the SPA app.
Currently the Java web application has a custom login page and a redirect page as well.
And the SPA app does not, because the user will navigate to it after login on the Java web application.

Now, what we observed is that even after the user authenticates on the Java web application, when we navigate back to the SPA web application, that same user doesn't have the session.
We are having to call “oktaService.loginRedirect("");” for the PKCE login flow to work. Unless that's done, the user is not already identified on Okta.


We are thinking of going the session token way, where the SPA app will call the session APIs using the session cookie that the Java web application will acquire after successful login.

Kindly guide us on whether this is the only way to achieve it or whether there is any other recommended way.

Thank you.

2 Likes
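
An added example, not part of the original posts: a PKCE authorization request carrying the standard OIDC `prompt=none` parameter lets an SPA test whether the browser already holds a session at the authorization server, which answers with `error=login_required` when it does not. The endpoint, client ID, redirect URI and helper names are constructed placeholders, and Node's `crypto` module stands in for the browser's Web Crypto API so the code runs offline.

```javascript
// Added example: silent (prompt=none) PKCE request and callback triage.
// Every URL, client ID and state value used with it is a constructed placeholder.
const nodeCrypto = require("crypto");

// RFC 7636: the verifier is 43-128 unreserved characters;
// the challenge is BASE64URL(SHA-256(verifier)).
function newVerifier() {
  return nodeCrypto.randomBytes(32).toString("base64url");
}
function challengeFor(verifier) {
  return nodeCrypto.createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// Build the authorize URL. prompt=none forbids any login UI, so the server
// either returns a code (session exists) or an error on the redirect URI.
function buildSilentAuthorizeUrl({ authorizeEndpoint, clientId, redirectUri, state, verifier }) {
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    client_id: clientId,
    response_type: "code",
    scope: "openid",
    redirect_uri: redirectUri,
    state,
    code_challenge: challengeFor(verifier),
    code_challenge_method: "S256",
    prompt: "none",
  }).toString();
  return url.toString();
}

// Decide what the SPA does with the redirect it gets back.
// The state check comes first: a callback with the wrong state is never trusted.
function interpretCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  const got = Buffer.from(params.get("state") || "");
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) {
    return { outcome: "reject", reason: "state_mismatch" };
  }
  const error = params.get("error");
  if (error === "login_required") return { outcome: "interactive_login" };
  if (error) return { outcome: "reject", reason: error };
  const code = params.get("code");
  if (code) return { outcome: "exchange_code", code };
  return { outcome: "reject", reason: "malformed_callback" };
}
```

Only the `interactive_login` outcome needs the full-page redirect; `exchange_code` continues the PKCE flow with the stored verifier.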

Any updates about your use case?