0D50Z00008G7UkLSAV | Okta Classic Engine | Integrations | Answered | 2026-04-24T09:00:25.000Z | 2017-04-14T19:53:04.000Z | 2020-12-17T23:57:31.000Z
sign in widget logs in but gives 403
I've set up a sign in widget successfully on oktapreview.com and am now trying to move my code to our app on okta.com. I can see a good 200 POST to authn from the sign in widget, but the GET to https://company.okta.com/login/sessionCookieRedirect gives a big 403 error.

What's weird is I'm actually logged in - I can get to the okta home, or even directly back to the redirect URL I was using in the sign in widget.

Anyone seen this / have a fix?? Same exact code and config as the app that works on oktapreview.com.

Thanks,

Nate


  • Hi Nate

    Bit late replying to this, I stumbled across it when I hit the same issue. Hopefully by now you have solved this, but if not, try adding a trusted origins entry with CORS and Redirect, that is Security -> API -> Trusted Origins.

    Thanks

    Anthony.
  • wge4v (wge4v)

    I'm late to the party but just in case anybody stumbles on this, Anthony's answer is 100% but I wanted to make it more precise. A 403 on a sessionCookieRedirect means that you didn't allow redirections to the target app in the Trusted Origins configuration, so it's denied. Note that I said the target app, not the app with the widget doing the redirect (unless it is the same app).

     

    Also important: adding the URL to the "Login redirect URI" on the General Settings page of the application configuration is not used for sessionCookieRedirect; as far as I know, those URIs support OpenID Connect.

This question is closed.
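
The check both answers describe, as an added example that is not part of the original thread and is not Okta's code: given the list returned by `GET /api/v1/trustedOrigins`, it reports which scopes the redirect target's origin is missing and builds the body for `POST /api/v1/trustedOrigins`. The `example.com` hostnames, the token placeholder and the sample entries are constructed, and the default of requiring both CORS and REDIRECT follows Anthony's answer.

```python
import json
from urllib.parse import urlsplit, parse_qs

DEFAULT_PORTS = {"https": 443, "http": 80}

def origin_of(url):
    """Return scheme://host[:port] for an absolute URL, dropping default ports."""
    parts = urlsplit(url)
    scheme, host = parts.scheme.lower(), (parts.hostname or "").lower()
    if scheme not in DEFAULT_PORTS or not host:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    if parts.port is None or parts.port == DEFAULT_PORTS[scheme]:
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{parts.port}"

def redirect_target(request_url):
    """Extract the redirectUrl parameter of a /login/sessionCookieRedirect request."""
    return parse_qs(urlsplit(request_url).query)["redirectUrl"][0]

def missing_scopes(trusted_origins, target_url, needed=("CORS", "REDIRECT")):
    """Scopes in `needed` that no ACTIVE trusted origin grants to the target's origin."""
    target, granted = origin_of(target_url), set()
    for entry in trusted_origins:
        # Inactive entries grant nothing, so they must not count as coverage.
        if entry.get("status") == "ACTIVE" and origin_of(entry["origin"]) == target:
            granted.update(scope["type"] for scope in entry.get("scopes", []))
    return [scope for scope in needed if scope not in granted]

def trusted_origin_payload(name, target_url, scopes):
    """Request body for POST /api/v1/trustedOrigins covering the target's origin."""
    return {"name": name, "origin": origin_of(target_url),
            "scopes": [{"type": scope} for scope in scopes]}

# Constructed sample: the widget host is trusted for CORS only, and the entry
# for the target app exists but is inactive.
SAMPLE_ORIGINS = [
    {"name": "widget host", "origin": "https://login.example.com",
     "status": "ACTIVE", "scopes": [{"type": "CORS"}]},
    {"name": "old app entry", "origin": "https://app.example.com",
     "status": "INACTIVE", "scopes": [{"type": "CORS"}, {"type": "REDIRECT"}]},
]
SAMPLE_REQUEST = ("https://company.okta.com/login/sessionCookieRedirect"
                  "?token=PLACEHOLDER&redirectUrl=https%3A%2F%2Fapp.example.com%2Fcallback")

if __name__ == "__main__":
    target = redirect_target(SAMPLE_REQUEST)
    gaps = missing_scopes(SAMPLE_ORIGINS, target)
    if gaps:
        print(json.dumps(trusted_origin_payload("target app", target, gaps), indent=2))
```

The comparison is on the target app's origin, which matches the point in the second answer that the entry must cover the app being redirected to, not the page hosting the widget.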