Using App Embed Link with session token, I still have to log in through the login page, why?

Hi!

https://developer.okta.com/docs/guides/session-cookie/overview/*retrieving-a-session-cookie-by-visiting-an-application-embed-link

As described, I am using the Authentication API (/api/v1/authn) to verify a user's credentials.
Within the response I am getting a sessionToken, which I add to my App's Embed Link, as described.

Unfortunately, the Okta Login page appears, instead of my App's landing page.
What am I doing wrong?

Thanks in advance for any hints!

Regards,
Hans

Hi @hpesata

Possible causes for this are the following:

  • The session token expired (by default it’s 5 minutes as mentioned here)
  • The session token has been reused (it can be used only once to create a session)
    • If you would like for the user to access multiple apps, you can authenticate the user in Okta through CORS and then refresh the session in Okta from time to time to keep it active
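
The two causes listed in the reply above can be checked in client code before the redirect. The following is an added example, not part of the original posts and not Okta's code: the helper name `buildEmbedRedirect`, the org URL, the app path and the token values are constructed, and it assumes the `expiresAt` field of the `/api/v1/authn` response is the token's deadline.

```javascript
// Added example: checks on an /api/v1/authn response before redirecting to an
// app embed link. Helper name, org URL, app path and tokens are constructed.
function buildEmbedRedirect(authn, embedLink, usedTokens, now = new Date()) {
  // Only a SUCCESS transaction carries a sessionToken; other states
  // (for example MFA_REQUIRED) return a stateToken instead.
  if (authn.status !== 'SUCCESS' || !authn.sessionToken) {
    return { ok: false, reason: `no sessionToken (status ${authn.status})` };
  }
  // Cause 1 from the reply: the token has expired.
  if (authn.expiresAt && new Date(authn.expiresAt) <= now) {
    return { ok: false, reason: 'sessionToken expired' };
  }
  // Cause 2 from the reply: the token was already sent once.
  if (usedTokens.has(authn.sessionToken)) {
    return { ok: false, reason: 'sessionToken already used' };
  }
  const url = new URL(embedLink);
  if (url.protocol !== 'https:') {
    return { ok: false, reason: 'embed link must be https' };
  }
  url.searchParams.set('sessionToken', authn.sessionToken);
  usedTokens.add(authn.sessionToken); // record before navigating
  return { ok: true, url: url.toString() };
}

// Constructed sample data (placeholder org, app and token values).
const EMBED_LINK = 'https://example.okta.com/home/exampleapp/0oaEXAMPLE/aln_EXAMPLE';
const sampleAuthn = {
  status: 'SUCCESS',
  expiresAt: '2030-01-01T00:05:00.000Z',
  sessionToken: 'EXAMPLE_SESSION_TOKEN',
};

function demo() {
  const used = new Set(); // tokens this client has already put in a URL
  const t0 = new Date('2030-01-01T00:00:00.000Z');
  const t6 = new Date('2030-01-01T00:06:00.000Z');
  const other = { ...sampleAuthn, sessionToken: 'EXAMPLE_TOKEN_2' };
  return {
    first: buildEmbedRedirect(sampleAuthn, EMBED_LINK, used, t0),
    replay: buildEmbedRedirect(sampleAuthn, EMBED_LINK, used, t0),
    late: buildEmbedRedirect(other, EMBED_LINK, used, t6),
    mfa: buildEmbedRedirect({ status: 'MFA_REQUIRED', stateToken: 'EXAMPLE' }, EMBED_LINK, used, t0),
  };
}
console.log(demo());
```

The `usedTokens` set only covers reuse by your own code; it cannot see a token that was consumed by some other request for the same URL. Because the token travels in the query string, keep the generated URL out of application logs.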

Hi!

I am using the sessionToken, immediately after calling /api/v1/authn, so the sessionToken should not be expired at this point and also not reused. According to the documentation, this should work.

I don't understand how CORS would help in this situation?

Regards,
Hans

Hi hpesata! Did you find a solution to this problem? I am trying to test the same use case, but I cannot get the app embed links using the API or Okta dashboard page. I am using a developer account. Thanks!

Hi!
No, I didn't find a solution.
Good luck!
Regards,
Hans

@rnethi and @hpesata If you need to get an app embed link for an OIDC application, you must configure it to allow “Login initiated by Either Okta or App” as discussed in this article.