samples-js-react icon indicating copy to clipboard operation
samples-js-react copied to clipboard
verified publisher icon okta

How should an SPA choose a client ID?

Open mhansen0314 opened this issue 5 years ago • 2 comments

I've seen this question posed a couple of times, but haven't found the answer.

What is the best practice for an SPA that must choose from multiple client IDs when authenticating a user? I'm guessing that the answer is the same regardless of whether those client IDs equate to multiples instances of the same app configured under one org, or multiples instances of the same app appearing in multiple orgs via the OIN.

Should specific URLs map to a client ID? This would require users to log in using a specific URL:
myapp.mycompany.com/friendly_name_for_client_id_1 myapp.mycompany.com/friendly_name_for_client_id_2

Should subdomains map to a client ID? This would require users to log in using a specific subdomain:
friendly_name_for_client_id_1.myapp.mycompany.com/ friendly_name_for_client_id_2.myapp.mycompany.com/

I hope there is a simpler answer. Any help is appreciated.

mhansen0314 avatar Aug 20 '20 23:08 mhansen0314

@mhansen0314 If I understand your question correctly. You are trying to configure multiple okta clients (by clientId) in one SPA. As it's a SPA app, I would manage a map on the client-side to route properly. I think your first option should work with proper routing setup.

shuowu avatar Aug 21 '20 17:08 shuowu

Thank you for your response. We will likely start with that approach. I imagine that this has been tackled by some large players, so I'm surprised it's not covered somewhere on the Okta dev site.

mhansen0314 avatar Aug 21 '20 20:08 mhansen0314