0

Is there an API (we are using the OKTA Sign In Widget) to get the original res.idToken?

Reason I ask is that users might hit our site after logging in to a different site, and we need the idToken. We can tell if the session exists, of course:

  oktaSignIn.session.exists((exists) => {
    if (exists) {
      oktaSignIn.session.get((res) => { /* res has session data, no idToken */ });
    }
  });

But I don't see an idToken in there.

Thanks!

James

2 Answers

0

Can you use tokenManager to store the tokens? After receiving the id token, you can add it to a tokenManager. The token can later be retrieved from there. Refer - https://github.com/okta/okta-signin-widget#oidc-tokenmanageraddkey-token

Vijet M
  • Thanks... our issue is that we have a portal. Users go there and log in; we (our app) are but a link from this portal (which we have no control over). We just want to ensure that a user is entitled to our app (they can log in to the portal, then go to our app; the session API says we have a session, but are they really entitled?). So we want to find out. I've also tried using {{url}}/api/v1/apps?filter=user.id+eq+"{{userId}}"&expand=user/{{userId}} but it always returns an empty array. That, however, would give me what I need. Thanks again for the response. – James May 12 '17 at 08:23
0

Well.. seems like I can get a new IDToken. The docs say this:

oktaSignIn.idToken.refresh(token, function (newToken) {
  // New id_token with extended lifetime
});

My problem of course was that I did not have a token to refresh. Turns out you can just do... (use null instead of a token)

oktaSignIn.idToken.refresh(null, function (newToken) {
  // New id_token with extended lifetime
});

Hopefully this is not a bug but a feature :-)

James
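Added example (not part of either answer and not Okta's code): before treating an ID token obtained this way as evidence that the user may use your app, check its standard OIDC claims (`iss`, `aud`, `exp`, `iat`, `nonce`). `ISSUER`, `CLIENT_ID` and all function names are assumptions for illustration, and the sample token builder produces constructed test data.

```javascript
// Added example: claim checks on an OIDC ID token (compact JWT string).
// ISSUER and CLIENT_ID are constructed placeholders, not values from the page.
const ISSUER = 'https://example.okta.com';
const CLIENT_ID = 'constructed-client-id';

// Decode one base64url JWT segment into a JSON object.
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  const obj = JSON.parse(new TextDecoder().decode(bytes));
  if (obj === null || typeof obj !== 'object') throw new Error('not a JSON object');
  return obj;
}

// Returns { ok, problems, claims }. This does NOT verify the signature; that
// must be done against the issuer's published keys before trusting any claim.
function checkIdTokenClaims(jwt, opts) {
  const { issuer, clientId, nonce, now = Date.now() / 1000, skew = 60 } = opts;
  const parts = typeof jwt === 'string' ? jwt.split('.') : [];
  if (parts.length !== 3) return { ok: false, problems: ['not a compact JWT'], claims: null };
  let header, claims;
  try {
    header = decodeSegment(parts[0]);
    claims = decodeSegment(parts[1]);
  } catch (e) {
    return { ok: false, problems: ['undecodable segment'], claims: null };
  }
  const problems = [];
  if (typeof header.alg !== 'string' || header.alg.toLowerCase() === 'none') problems.push('unsigned or missing alg');
  if (claims.iss !== issuer) problems.push('iss mismatch');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) problems.push('aud does not include our client id');
  if (typeof claims.exp !== 'number' || claims.exp + skew < now) problems.push('expired');
  if (typeof claims.iat !== 'number' || claims.iat - skew > now) problems.push('iat in the future');
  if (nonce !== undefined && claims.nonce !== nonce) problems.push('nonce mismatch');
  return { ok: problems.length === 0, problems, claims };
}

// Constructed sample token builder (test data only; the signature is a dummy).
function makeSampleToken(claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc(header)}.${enc(claims)}.constructed-signature`;
}
```

A token whose `aud` names a different application fails the check even though the user has a valid session, which is the distinction the question is after.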