1

I am currently using 1.6.0 of the scripts and CSS files. I have the widget integrated in my Angular 1.5.x app. I have been experiencing issues receiving a 404 when trying to render the OKTA Widget, on its GET request to:

https://*.oktapreview.com/api/v1/sessions/me

Which means that the widget gets rendered once and I am able to log in, but once I log out, I am not able to re-render the widget without having to refresh the browser first.

Has anyone found and resolved this issue?

Aravind
Andrew Lobban

2 Answers

1

I think this might be related to this Stack Overflow issue. Can you check your privacy settings?

The reason for this issue is because the widget exchanges the sessionToken (which you get after logging in) with an id_token via a hidden iframe, at which time the session cookie is also set. But, since this is in an <iframe>, it's considered a third-party cookie.

There is currently no good way around this when your browser has third-party cookies disabled without redirecting to Okta to set the session cookie. A new version (1.8.0) of the widget that is going to be released this week will make this easier (see this commit, which addresses this issue). With this new version, passing in authParams.display = 'page' will perform the call to /authorize via a redirect rather than through the hidden iframe.

Community
remanc
  • I am glad this will be addressed in the subsequent release. I wouldn't want to tell every user to make this change in their browser. When should I expect this release? – Andrew Lobban Oct 14 '16 at 21:10
  • It's been published and is [available on NPM](https://www.npmjs.com/package/@okta/okta-signin-widget) now, and will roll out to our production CDN in about a week and a half (after going through oktapreview, etc). – remanc Oct 15 '16 at 16:34
  • Ok, I see that 1.8.0 is now available via CDN. Where can I find a sample of how to use it? – Andrew Lobban Feb 08 '17 at 19:01
0

Now that 1.8.0 is available via Okta's CDN, here is a sample of how to use the authParams.display = 'page' setting described above:

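  <script>
    // Replace the three placeholder values with those of your own Okta org and app.
    var config = {
      baseUrl: 'https://YOUR-OKTA-ORG-HERE.okta.com',
      clientId: 'YOUR-OKTA-CLIENT-ID-HERE',
      redirectUri: 'YOUR-REDIRECT-URL-HERE',
      authParams: {
        responseType: 'code',
        // 'page' makes the call to /authorize a full-page redirect instead of
        // a hidden iframe, so the session cookie is not a third-party cookie.
        display: 'page',
        scopes: ['openid', 'email', 'profile'],
      }
    };
    var oktaSignIn = new OktaSignIn(config);

    // Render the widget into the element with id "app-container".
    oktaSignIn.renderEl({ el: '#app-container' }, () => {});
  </script>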
Joël Franusic