I've set up a sign in widget successfully on oktapreview.com and am now trying to move my code to our app on okta.com. I can see a good 200 POST to authn from the sign in widget, but the GET to https://company.okta.com/login/sessionCookieRedirect gives a big 403 error.
What's weird is I'm actually logged in - I can get to the Okta home, or even directly back to the redirect URL I was using in the sign in widget.
Anyone seen this / have a fix?? Same exact code and config as the app that works on oktapreview.com.
Bit late replying to this, I stumbled across it when I hit the same issue. Hopefully by now you have solved this, but if not, try adding a trusted origins entry with CORS and Redirect, that is Security -> API -> Trusted Origins.
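
A quick way to check the suggestion in the reply above against an org's configuration, as an added example that is not part of the original posts: it takes the widget's redirect URL and a list of Trusted Origins entries and reports which of the CORS and Redirect scopes are missing for that origin. The helper name, the record shape (`origin`, `scopes[].type`, `status`) and the example.com sample data are assumptions constructed for illustration.

```javascript
// Constructed sample data, shaped like Trusted Origins entries
// (origin, scopes[].type, status). The shape is an assumption.
const sampleTrustedOrigins = [
  { name: "App (CORS only)", origin: "https://app.example.com", status: "ACTIVE",
    scopes: [{ type: "CORS" }] },
  { name: "Staging", origin: "https://staging.example.com:8443", status: "ACTIVE",
    scopes: [{ type: "CORS" }, { type: "REDIRECT" }] },
  { name: "Old app", origin: "https://old.example.com", status: "INACTIVE",
    scopes: [{ type: "CORS" }, { type: "REDIRECT" }] },
];

// Hypothetical helper: which of the two scopes named in the reply are
// missing for the origin of the given redirect URL?
function missingTrustedOriginScopes(url, trustedOrigins) {
  let wanted;
  try {
    wanted = new URL(url).origin; // scheme + host + port; path and query dropped
  } catch {
    return { origin: null, missing: ["CORS", "REDIRECT"], error: "not an absolute URL" };
  }
  const granted = new Set();
  for (const entry of trustedOrigins) {
    // Inactive entries are treated as granting nothing (assumption).
    if (entry.status !== "ACTIVE") continue;
    let entryOrigin;
    try {
      entryOrigin = new URL(entry.origin).origin;
    } catch {
      continue; // skip malformed entries instead of failing the whole check
    }
    // Exact origin comparison: a different port or scheme is a different origin.
    if (entryOrigin !== wanted) continue;
    for (const scope of entry.scopes || []) granted.add(scope.type);
  }
  const missing = ["CORS", "REDIRECT"].filter((s) => !granted.has(s));
  return { origin: wanted, missing };
}

// Report for one redirect URL against the sample entries.
console.log(missingTrustedOriginScopes("https://app.example.com/callback", sampleTrustedOrigins));
```

An entry that carries only one of the two scopes, or that differs from the redirect URL by port or scheme, shows up as a gap in the `missing` list.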