I had once been able to use the Okta CDN to quickly add the Okta Sign-In Widget to a single-page HTML application, thereby achieving an authentication requirement. This had been done on Okta Classic Engine.
Our organization has since moved to Okta Identity Engine, and I attempted to follow the provided example in the Embedded Okta Sign-In Widget fundamentals documentation as a starting point to build another SPA. However, the widget displays “There was an unexpected internal error. Please try again.” regardless of whether or not a user was already logged into Okta.
The documentation does say that an Okta Developer Edition organization is needed, whereas ours is not, and our Security > API did not have Authorization Servers to configure access policies. However, this hadn’t been a blocker when I previously built SPAs within the organization.
Although for the time being, I’ve been able to create my own login form and pass the username/password to the Okta Auth API, I would prefer to use the embedded sign-in widget.
How would I get the embedded sign-in widget working within a single page app in Okta Identity Engine, in a non-developer edition organization now?
Our Okta login page URL does not contain a period at the end.
The Okta OIDC application was created, active, and assigned to me.
Additionally, the OIDC application’s Grant Type > Other grants > Interaction code was selected, as was Settings > Account > Embedded widget sign-in support > Interaction code.
As previously mentioned, I had followed Embedded Okta Sign-In Widget fundamentals | Okta Developer step-by-step, replacing the {widgetVersion}, {yourOktaDomain}, {yourClientId} and redirectUri in the HTML/JS as necessary; the only exception being that our OIE does not have Security > API > Authorization Servers from which to configure the authorization server default policy. (Settings > Account > Embedded widget sign-in support shows that we have 0 authorization servers, with a link to https://{okta-admin-domain}/admin/oauth2/as which displays HTTP 500: Internal Server Error.)
Is the sign-in widget supposed to work in OIE, or only on the developer edition?
EDIT:
I should add that I get the following errors on the console:
Failed to load resource: https:{okta-domain}/oauth2/default/.well-known/openid-configuration. The server responded with a status of 401 ()
AuthApiError: You do not have permission to access the feature you are requesting at \n m (request.ts:64:11) \n at request.ts:182:13 \n (anonymous) @ (index):55
Failed to load resource: https:{okta-domain}/oauth2/default/.well-known/openid-configuration. The server responded with a status of 401 ()
Make sure to set the issuer for the widget to just your Okta Domain. This will tell the widget to use the Org Authorization Server. The Default one it is trying to hit is a different server and is associated with the paid API Access Management feature, which must not be available in the org you are testing.
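As an added illustration of the answer above (example code, not from the thread or from Okta's own documentation), the function below builds the widget configuration for an org with no custom authorization servers, so that `authParams.issuer` is the bare Okta domain (the Org Authorization Server) rather than `/oauth2/default`, and a small check flags the issuer that produced the 401 on the discovery URL in the question. The domain, client ID and redirect URI are constructed placeholders; the `OktaSignIn` constructor is only invoked when the CDN script has loaded it into the page.

```javascript
// Added example (not from the forum post): build the embedded Sign-In Widget
// config so that the issuer points at the Org Authorization Server when the
// org has no custom authorization servers (the asker's situation), and check a
// config for the issuer that produced the 401 on /oauth2/default.

// Constructed placeholder values; substitute your own org's values.
const OKTA_DOMAIN = 'dev-000000.okta.com';      // placeholder, not a real org
const CLIENT_ID = '0oa_placeholder_client_id';  // placeholder
const REDIRECT_URI = 'https://localhost:8080/login/callback';

// Build the widget configuration. `customAuthServerId` is only set when the org
// licenses API Access Management and actually has a custom authorization server.
function buildWidgetConfig(oktaDomain, clientId, redirectUri, customAuthServerId) {
  const orgUrl = `https://${oktaDomain}`;
  // Org Authorization Server: issuer is just the Okta domain.
  // Custom server (e.g. "default"): issuer is <domain>/oauth2/<id>.
  const issuer = customAuthServerId
    ? `${orgUrl}/oauth2/${customAuthServerId}`
    : orgUrl;
  return {
    baseUrl: orgUrl,
    clientId,
    redirectUri,
    useInteractionCodeFlow: true, // Identity Engine widget flow (Interaction code grant)
    authParams: { issuer, scopes: ['openid', 'profile', 'email'] },
  };
}

// OIDC discovery document location for a given issuer (what the widget fetches first).
function discoveryUrl(issuer) {
  return `${issuer.replace(/\/+$/, '')}/.well-known/openid-configuration`;
}

// Sanity check: flag an issuer that names a custom authorization server when
// the org has none, which is what surfaced as a 401 on the discovery URL.
function checkIssuer(config, hasCustomAuthServers) {
  const issuer = config.authParams && config.authParams.issuer;
  if (!issuer) return { ok: false, reason: 'authParams.issuer is missing' };
  const usesCustomServer = /\/oauth2\/[^/]+\/?$/.test(issuer);
  if (usesCustomServer && !hasCustomAuthServers) {
    return {
      ok: false,
      reason: `issuer ${issuer} names a custom authorization server but the org has none; use ${config.baseUrl}`,
    };
  }
  return { ok: true, reason: '' };
}

// Stand-alone usage: compare the failing and the working configuration.
const failing = buildWidgetConfig(OKTA_DOMAIN, CLIENT_ID, REDIRECT_URI, 'default');
const working = buildWidgetConfig(OKTA_DOMAIN, CLIENT_ID, REDIRECT_URI);
console.log(discoveryUrl(failing.authParams.issuer), checkIssuer(failing, false));
console.log(discoveryUrl(working.authParams.issuer), checkIssuer(working, false));

// In the browser, with the widget loaded from the Okta CDN, the working config
// is what gets passed to the constructor (skipped outside a browser page).
if (typeof OktaSignIn !== 'undefined') {
  const signIn = new OktaSignIn(working);
  signIn.showSignInToGetTokens({ el: '#widget-container' })
    .then(tokens => signIn.authClient.tokenManager.setTokens(tokens))
    .catch(err => console.error(err));
}
```

The check is deliberately narrow: it only reports the mismatch between a `/oauth2/<id>` issuer and an org that has no authorization servers, because that is the exact condition behind the 401 in the question; an org that does license API Access Management can keep a custom issuer and the check passes.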