Using Okta hosted login widget

I have managed to get the authenticated user over to my application. But my application needs to know what the new user’s email address is. How can I get this? I am programming in PHP under Docker.

What type of application are you working on? Is it an OIDC app? If so, you can get the user’s email from an ID token if/when you request the ‘email’ scope.

Hi Andrea. Here is my application description. It is a freemium application running on the open internet that allows users to develop a study for their own use. I store each user’s info under their email address. I store the user’s email address on my system in AWS RDS. Once a user authenticates and gets passed into my app, I need to determine their email address so I can download their artifacts and their data in general.

Is there a way that I can determine the email of a newly passed in user? I am using the Okta hosted login widget.

It’s very doable if you configure the app as an OpenID Connect application. Like I was hinting at earlier, if your application requests ID tokens on behalf of the user, you can request the ‘email’ scope when you do so, which means that the payload for the ID token will include a claim containing the user’s email address.

Another option is to make an AJAX/Fetch request to the /users/me endpoint. As long as the user has an active session in the browser AND their browser does not block third party cookies (the Okta session cookie used for this call is on the Okta domain), you can get information about the user back, including their profile in Okta.

If you are worried about browsers that block third party cookies or need to access this information from a backend, I definitely recommend looking into OIDC. Maybe check out one of our samples to get started: Okta, Inc · GitHub

Thanks Andrea. Can I stick with the Okta hosted login and also use OpenID?

Absolutely! If you construct an /authorize request and then paste it in your browser, it will redirect you to Okta to log in (if you’re not already logged in), before sending you back to your application (via a redirect_uri in the request) with the tokens, so you don’t even have to use an embedded login page.

This is how our okta-hosted-login samples work, if you want to see it in action. I’m biased towards React: samples-js-react/okta-hosted-login at master · okta/samples-js-react · GitHub
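
The flow discussed in this thread, sketched in PHP as an added example (not code from the thread or from Okta's samples): it builds the /authorize request with the 'email' scope and checks the ID token claims before the email is used as a lookup key. The issuer URL (which assumes Okta's default authorization server path), client ID, redirect URI, and the function names are placeholders, and signature verification of the token is assumed to be done by a JWT library before `emailFromClaims` is called.

```php
<?php
// Added example: every value below is a placeholder or a constructed sample.
const ISSUER    = 'https://example.okta.com/oauth2/default'; // placeholder issuer
const CLIENT_ID = 'example-client-id';                        // placeholder
const REDIRECT  = 'https://app.example.com/callback';         // placeholder

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Step 1: build the /authorize redirect. state, nonce and the PKCE verifier
// stay in the server-side session; compare state again on the callback.
function buildAuthorizeUrl(array &$session): string {
    $session['state']    = b64url(random_bytes(16));
    $session['nonce']    = b64url(random_bytes(16));
    $session['verifier'] = b64url(random_bytes(32));
    return ISSUER . '/v1/authorize?' . http_build_query([
        'client_id'             => CLIENT_ID,
        'response_type'         => 'code',
        'scope'                 => 'openid email',
        'redirect_uri'          => REDIRECT,
        'state'                 => $session['state'],
        'nonce'                 => $session['nonce'],
        'code_challenge'        => b64url(hash('sha256', $session['verifier'], true)),
        'code_challenge_method' => 'S256',
    ]);
}

// Step 2: $claims is the ID token payload AFTER a JWT library has verified
// its signature against the issuer's published keys. Reject before trusting.
function emailFromClaims(array $claims, string $expectedNonce, int $now): string {
    $aud   = (array) ($claims['aud'] ?? []);   // aud may be a string or a list
    $nonce = (string) ($claims['nonce'] ?? '');
    if (($claims['iss'] ?? '') !== ISSUER)       throw new RuntimeException('wrong issuer');
    if (!in_array(CLIENT_ID, $aud, true))        throw new RuntimeException('wrong audience');
    if (($claims['exp'] ?? 0) <= $now)           throw new RuntimeException('token expired');
    if (!hash_equals($expectedNonce, $nonce))    throw new RuntimeException('nonce mismatch');
    if (($claims['email_verified'] ?? false) !== true) throw new RuntimeException('email not verified');
    if (!filter_var($claims['email'] ?? '', FILTER_VALIDATE_EMAIL)) throw new RuntimeException('no email claim');
    return $claims['email'];
}

// Constructed sample run: print the redirect URL, then validate sample claims.
$session = [];
echo buildAuthorizeUrl($session), "\n";
$claims = ['iss' => ISSUER, 'aud' => CLIENT_ID, 'exp' => time() + 300,
           'nonce' => $session['nonce'], 'email' => 'alice@example.com', 'email_verified' => true];
echo emailFromClaims($claims, $session['nonce'], time()), "\n";
```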