I’m implementing a React SPA with Server Side Rendering (SSR). Now, I understand SSR isn’t supported by Okta.
That being said, I’m trying to make it work by coding the process manually.
When first rendering on the server side, I’m able to read the cookies with okta-oauth-nonce and okta-oauth-state set. Is it possible from there to make a backend call to Okta APIs to validate my user’s identity?
What API call would you like to call to validate the user’s identity?
If checking for user existence, then you can take the subject from the ID token and use it on a call to /api/v1/users/{sub_here} to see if the user exists.
If checking for the user session, then you would need to do a request through the front-end channel to /api/v1/sessions/me and pass the response to the back-end channel.
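A server-side version of the existence check described in the reply above, as an added example that is not part of the original thread or Okta's own code. It assumes the server has been handed the ID token and the `okta-oauth-nonce` cookie value and that the token is RS256-signed; the issuer, client ID, key pair and helper names (`signToken`, `verifyIdToken`, `userLookupPath`, `allowRoute`) are constructed for illustration.

```javascript
// Added example; the issuer, client ID, key pair and claims are constructed.
const crypto = require("node:crypto");

const ISSUER = "https://idp.example.test";   // placeholder issuer
const CLIENT_ID = "constructed-client-id";   // placeholder client ID
// In production the public key comes from the issuer's published signing keys.
const keys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const dec = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Demo helper: mint an RS256 token the way an issuer would.
function signToken(claims, privateKey) {
  const input = `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), privateKey);
  return `${input}.${sig.toString("base64url")}`;
}

// Verify signature and claims; returns the claims or throws.
function verifyIdToken(token, { publicKey, issuer, clientId, nonceCookie, now }) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  if (dec(h).alg !== "RS256") throw new Error("unexpected alg");
  const sigOk = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, "base64url"));
  if (!sigOk) throw new Error("bad signature");
  const c = dec(p);
  if (c.iss !== issuer) throw new Error("wrong issuer");
  if (![].concat(c.aud).includes(clientId)) throw new Error("wrong audience");
  if (typeof c.exp !== "number" || c.exp <= now) throw new Error("expired");
  // The nonce cookie is only a value to compare against; alone it proves nothing.
  if (!nonceCookie || c.nonce !== nonceCookie) throw new Error("nonce mismatch");
  if (typeof c.sub !== "string" || !c.sub) throw new Error("missing sub");
  return c;
}

// Path for the existence check described in the reply.
const userLookupPath = (claims) => `/api/v1/users/${encodeURIComponent(claims.sub)}`;

// Route gate: true only for a fully valid token.
function allowRoute(token, opts) {
  try { verifyIdToken(token, opts); return true; } catch { return false; }
}
```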
Since I am rendering from the server, I have access to cookies in the request, but I need to validate them to give access to the route or not. So yeah, I wanna check for the user session.
If I do this client side, this means I would need to first render an empty page, make the call, receive it and then redirect again…
Is there anything I can do with these cookies? How does the client validate it?