I am trying to get the current session Object from Okta using the sessions/me endpoint called from Javascript (Redux action), but I get a not found response, even when I have an active session.
It's not CORS related, I enabled CORS for my domain.
The best I can tell is a cookie related issue. When I call sessions/me from the browser directly, I see the browser attaching multiple cookies to my request. When I call from javascript, there are no cookies attached to the request.
Is there a way, from Javascript to have access to the cookie needed for sessions/me to succeed?
I'm guessing this is a 3rd party cookie issue:
https://blog.zok.pw/web/2015/10/21/3rd-party-cookies-in-practice/
For example, in Safari privacy settings, I am able to repro the 404 on sessions/me if I set "Cookies and website data" to "Allow from current website only". If I set it to "Allow from websites I visit", I no longer get the 404 and /sessions/me works as expected.
Which browser are you using? Please see the following page to learn more about CORS and browsers supported: http://developer.okta.com/docs/api/getting_started/enabling_cors.html#browser-support
来源:https://stackoverflow.com/questions/39537490/okta-sessions-me-returning-404-when-called-from-javascript-redux