Widget not recognizing previous partial authentication challenge

Questions
,
1

I am having trouble getting a particular scenario to work. I discovered the samples-aspnet-master\self-hosted-login example, and it exhibits the same problem behavior. My application is ASP.Net MVC 5 (.Net 4.8). What can I do to achieve the “Desired behavior” with the steps below?

Steps to reproduce in the samples-aspnet-master\self-hosted-login example:

  1. I open the browser and log into our Okta domain, which requires username/password, but not MFA.

  2. I navigate to the sample application’s Home/Profile route, which requires authentication.

  3. Because my website requires MFA, it recognizes that I am not properly authenticated and the website redirects me to the local Account/Login route that hosts the widget.

  4. At this point the problem occurs
    a) Desired behavior: The widget should recognize that I already provided my username/password from when I logged into the Okta domain and should forward me to the MFA screen.

b) Actual behavior: The widget displays the username/password challenge, even though I already supplied that when I logged into the Okta domain.

The widget code in the example looks like this:

signIn.renderEl({ el: ‘#widget’ }, (res) => {
var sessionTokenField = $("#hiddenSessionTokenField");
sessionTokenField.val(res.session.token);
var form = sessionTokenField.parent();
form.submit();
}, (err) => {
console.error(err);
});

I am wondering if the widget code should look more like this other example, but when I tried this, it did not work.

oktaSignIn.session.get(function (res) {
// Session exists, show logged in state.
if (res.status === ‘ACTIVE’) {
var url = $("#RedirectTo").val();
location.href = url;
return;
}
// No session, or error retrieving the session. Render the Sign-In Widget.
else if (res.status === ‘INACTIVE’) {

    oktaSignIn.renderEl(
        { el: '#okta-login-container' },
        function (res) {
            if (res.status === 'SUCCESS') {
                console.log('User %s succesfully authenticated %o', res.user.profile.login, res.user);
                res.session.setCookieAndRedirect(window.location.origin);
            }
        }
    );
    return;
}
else {
    alert(res.status);

}

});