I have built an SPA application using the Okta Auth SDK (tried in VueJS and Angular 8 separately) with a back-end micro-service written in Python. The back-end makes API calls into Okta (which require an admin token).
The user authenticates to the Okta server (including MFA) fine and is able to access the web application routes.
QUESTION: How can the back-end micro-service validate the currently logged-in user session BEFORE making the Okta API request? (e.g., if the user session is invalid or expired, then the appropriate response can be sent and the client side can redirect the user to log in again.)
I tried making a call to /api/v1/sessions/me from the client side but I’m getting a CORS blocked request (YES: the trusted origins are configured). I think it’s because the current session cookie isn’t being sent.
QUESTION: Does the Okta AuthJS library have a call for this? (I couldn’t find one).
Thank you.