Using the Okta sign-in widget, I need to get user session status via Okta API in my own API

If you’re trying to do anything with the Okta sessionToken, you should know that it’s an ephemeral token that’s just being used by the widget to complete the /authorize call after the user has completed primary authentication (the sessionToken is proof of the user completing primary auth).

There are a couple of ways to get information like this, but the simplest one is a CORS request to /api/v1/sessions/me from the browser where the user logged in (the Okta session cookie will be the auth for this request). See our API docs for more details Sessions | Okta Developer

If that doesn’t work and/or you need to make this request from your completely separate backend, you could look to store the user’s session ID within one of their tokens. Your backend could then make a request to /api/v1/sessions/{{sessionId}} (with an API token for auth) to get these details. Check out my response in this thread for details: Validate access token is linked to Okta session - #2 by andrea

However, I should note that as soon as the user is logged into your app, and particularly if your app uses refresh tokens to keep them logged in, the Okta session is more or less divorced from the tokens the user was issued. The Okta session only needs to exist to log the user into Okta. After that, it would only be important if refresh tokens were not being used by your application and the user’s tokens have expired. It’s worth knowing that, if refresh tokens are used to extend the user’s application session, the session ID will not be sent in a request for an Inline Token Hook, because the user’s session wasn’t used to request the token; the refresh token was.

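An added example, not code from the original thread, showing the browser-side check described in the answer above: a CORS request to /api/v1/sessions/me that relies on the Okta session cookie, plus how to read the result. It assumes a placeholder org URL, that the app's origin is registered as a Trusted Origin in Okta (otherwise the browser blocks the request), and the sample session object is constructed.

```javascript
// Browser-side Okta session check via CORS (added example, not from the post).
// Assumption: OKTA_ORG is your org URL and the page's origin is a Trusted Origin.
const OKTA_ORG = 'https://dev-123456.okta.com'; // placeholder org URL

// Build the request. credentials:'include' makes the browser attach the Okta
// session cookie, which is the only authentication this endpoint needs.
function buildSessionRequest(oktaOrg = OKTA_ORG) {
  return {
    url: `${oktaOrg}/api/v1/sessions/me`,
    init: {
      method: 'GET',
      credentials: 'include',
      headers: { Accept: 'application/json' },
    },
  };
}

// Map the HTTP result to a small status object. Okta answers 200 with the
// session object when the cookie is valid and 404 when there is no session.
function interpretSessionResponse(status, body) {
  if (status === 200 && body && body.status === 'ACTIVE') {
    return { loggedIn: true, sessionId: body.id, userId: body.userId, expiresAt: body.expiresAt };
  }
  if (status === 404) {
    return { loggedIn: false, reason: 'no active Okta session for this browser' };
  }
  return { loggedIn: false, reason: `unexpected HTTP status ${status}` };
}

// Perform the check. fetchImpl is injectable so the logic can be exercised
// offline with a stub; in the browser the default global fetch is used.
async function getOktaSessionStatus(fetchImpl = fetch, oktaOrg = OKTA_ORG) {
  const { url, init } = buildSessionRequest(oktaOrg);
  const res = await fetchImpl(url, init);
  let body = null;
  try { body = await res.json(); } catch (_) { /* a 404 may carry no JSON body */ }
  return interpretSessionResponse(res.status, body);
}

// Constructed sample of the session object returned for a live session.
const SAMPLE_SESSION = {
  id: 'sessionid-constructed-0001',
  userId: 'userid-constructed-0001',
  login: 'user@example.com',
  status: 'ACTIVE',
  expiresAt: '2024-01-01T12:00:00.000Z',
};
```

The session ID returned here is the value the answer suggests embedding in a token so a separate backend can later look it up via /api/v1/sessions/{sessionId} with an API token.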