Users login to a webapp through okta oauth. In the app, some actions require a supervisor’s credentials, submitted via a popup in the app. I didn’t want to handle credentials directly in the app, but looks like I’ll probably have to. One potential option is to send the supervisor credentials to the /api/v1/authn endpoint to verify. Would this modify the sso cookie in the okta domain? I need the original user to stay logged in and continue using sso.
Given your requirements, I recommend using Okta’s Authentication API (/api/v1/authn) to verify supervisor credentials. This method allows you to:
- Keep credential handling server-side
- Verify supervisor credentials without modifying the current user’s session
- Maintain the original user’s SSO capabilities
Implementation steps:
- Create a server-side endpoint in your application that accepts supervisor credentials.
- When supervisor approval is needed, send a request from your frontend to this endpoint.
- Your server-side code should then make a request to Okta’s /api/v1/authn endpoint to verify the credentials.
- Based on Okta’s response, grant or deny the supervisor action in your application.
This approach provides a secure way to handle supervisor approvals without affecting the current user’s session or SSO capabilities. It also keeps sensitive credential handling on the server-side, enhancing security.
NOTE: Remember to implement proper error handling and security measures, such as rate limiting and HTTPS, to protect against potential attacks.
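A server-side verifier along the lines of this answer, as an added example that is not the poster's code or an Okta SDK. It assumes a placeholder org URL, an injectable `post` transport so the decision logic can be exercised offline, and a self-approval check (approver must differ from the requesting user) that the answer itself does not mention.

```python
import json
import urllib.error
import urllib.request

# Assumption: the org URL comes from configuration; this is a placeholder.
OKTA_ORG_URL = "https://example.okta.com"


def _post_json(url, payload):
    """Default transport: POST JSON and return (http_status, parsed_body).

    A 401 from /api/v1/authn on bad credentials is returned as a normal
    result instead of raised, so the caller treats it as a denial.
    """
    data = json.dumps(payload).encode("utf-8")
    req = urllib.request.Request(
        url, data=data, method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as e:
        return e.code, json.loads(e.read().decode("utf-8") or "{}")


def evaluate_authn_response(http_status, body, requesting_user):
    """Turn an /api/v1/authn response into an allow/deny decision.

    Only status SUCCESS counts as verified; MFA_REQUIRED, PASSWORD_EXPIRED,
    LOCKED_OUT and similar are denied rather than partially trusted. The
    sessionToken in the body is never read: exchanging it would create a
    new Okta session, which is exactly what the question wants to avoid.
    """
    if http_status != 200 or body.get("status") != "SUCCESS":
        reason = body.get("status") or body.get("errorSummary", "auth failed")
        return {"allowed": False, "reason": reason}
    login = body.get("_embedded", {}).get("user", {}).get("profile", {}).get("login")
    # Added check (assumption): a user must not approve their own action.
    if login is None or login.lower() == requesting_user.lower():
        return {"allowed": False, "reason": "self-approval"}
    return {"allowed": True, "approver": login}


def verify_supervisor(username, password, requesting_user, post=_post_json):
    """Verify supervisor credentials server-side; credentials never reach the browser app."""
    status, body = post(f"{OKTA_ORG_URL}/api/v1/authn",
                        {"username": username, "password": password})
    return evaluate_authn_response(status, body, requesting_user)
```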