User17056847738629796440 (Customer) asked a question.
Validating a non-logged-in user's credentials. Keep original user's cookie and session
Users login to a webapp through okta oauth. In the app, some actions require a supervisor's credentials, submitted via a popup in the app. One potential option is to send the supervisor credentials to the /api/v1/authn endpoint to verify. Would this modify the sso cookie in the okta domain? I need the original user to continue using sso.
I can't think of any way the supervisor would be able to go through the oauth flow without killing the original user's session.
Hello @User17056847738629796440 (Customer) Thank you for posting on our Community page!
This question is more appropriate for our dedicated Okta Developer Forum.
My advice would be to reach out via devforum.okta.com to take advantage of their expertise.
While we'll do our best to answer all of your questions here, this medium is more inclined towards Okta core products and features (non-developer work).
Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Ask Us Anything thru 7/14: Okta WIC leadership want to hear from you