okta/okta-oidc-ios

Session Cookie Redirect Links

Hi, our organization's Access Management team has an Okta login page that uses a session cookie redirect link to set a cookie with some custom styles before launching the OIDC workflow. Is there a way to handle this with the iOS library?
https://developer.okta.com/docs/guides/session-cookie/overview/#retrieving-a-session-cookie-by-visiting-a-session-redirect-link

Our flow
<domain>/setLoginContext?uxmode={"signuplink":{"hidden":true}}&redirect_uri=<requestURL>
Our setLoginContext parses the uxmode param and sets the cookie, then redirects to the Okta requestURL built with the clientId, clientSecret, scope, nonce, codeChallenge, etc.

Our mobile development team was looking to create an extension to the library, but wanted to check if there was anything that supports this workflow first, though I didn't see anything in the documentation.

@PAronofsky Thank you for the question. As I understand it, this workflow is supported. Your iOS application can open a web view or launch an external browser to show the custom Okta login page. The redirect URI in this case will likely be using an app URI, like myapp://login/callback. Your app can handle this callback on the redirect from Okta: https://developer.okta.com/docs/guides/sign-into-mobile-app/ios/define-callback/

Please let us know if this resolves your issue.

So, does this mean we should not use the library? Maybe I'm using the wrong terminology. We need to go to <setCookieDomain>/setLoginContext?uxmode={"signuplink":{"hidden":true}}&redirect_uri=<oktaDiscoveryUri+ParamsGeneratedByOktaLibrary> as described in the session cookie redirect link.

Or are you suggesting opening a browser to go to the setCookieDomain, redirect back to our app, and then use the library to open another browser with the Okta login flow?

@PAronofsky In general we recommend using the OIDC flow over the session token. That being said, I think your custom login page could pass the sessionToken directly to your native application (using a custom app URI, for example: myapp://login-with-session-token?sessionToken=XXXX). Then your app should be able to use the sessionToken to authenticate: https://github.com/okta/okta-oidc-ios#authenticate

I don't think we're on the same page. Sorry for the almost 2-month delay; we ended up getting busy, and I wanted to dig into the code and try a couple of approaches before submitting a PR.

I have one here to demonstrate what we're trying to accomplish: not getting a "session token" but setting a "session cookie" before opening the login page.
#298
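
The wrapped link from the original question, as an added example that is not part of the thread, PR #298, or the okta-oidc-ios library: it percent-encodes the uxmode JSON and the nested authorize URL so the setLoginContext endpoint receives exactly two query parameters. The host names, the authorize path, and the parameter values are constructed placeholders, and `loginContextURL` and `encodeQueryValue` are hypothetical helper names.

```swift
import Foundation

// RFC 3986 "unreserved" characters. Everything else in a query value is escaped,
// including the '&', '=', '?', '{' and '"' found in the nested URL and the JSON.
let unreserved = CharacterSet(charactersIn:
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")

func encodeQueryValue(_ value: String) -> String {
    return value.addingPercentEncoding(withAllowedCharacters: unreserved) ?? ""
}

/// Builds <contextBase>?uxmode=<json>&redirect_uri=<authorizeURL> (hypothetical helper).
func loginContextURL(contextBase: String,
                     uxmode: [String: Any],
                     authorizeURL: URL) throws -> URL {
    let json = try JSONSerialization.data(withJSONObject: uxmode, options: [.sortedKeys])
    let uxmodeString = String(decoding: json, as: UTF8.self)
    let raw = contextBase
        + "?uxmode=" + encodeQueryValue(uxmodeString)
        + "&redirect_uri=" + encodeQueryValue(authorizeURL.absoluteString)
    guard let url = URL(string: raw) else { throw URLError(.badURL) }
    return url
}

// Constructed sample input: a placeholder authorize request with its own query string.
let authorize = URL(string: "https://example.okta.com/oauth2/default/v1/authorize"
    + "?client_id=CLIENT_ID&response_type=code&scope=openid%20profile"
    + "&state=STATE&nonce=NONCE&code_challenge=CHALLENGE&code_challenge_method=S256")!

let wrapped = try loginContextURL(
    contextBase: "https://login.example.com/setLoginContext",
    uxmode: ["signuplink": ["hidden": true]],
    authorizeURL: authorize)
print(wrapped.absoluteString)

// Round trip: the outer URL must expose only uxmode and redirect_uri, and the
// decoded redirect_uri must equal the authorize URL that was passed in.
let items = URLComponents(url: wrapped, resolvingAgainstBaseURL: false)?.queryItems ?? []
let decodedRedirect = items.first { $0.name == "redirect_uri" }?.value
precondition(items.map { $0.name } == ["uxmode", "redirect_uri"])
precondition(decodedRedirect == authorize.absoluteString)
```

If the nested URL is concatenated without encoding, its `client_id`, `state`, and `nonce` parameters are parsed as parameters of the outer setLoginContext request and are lost from the redirect.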