Tags: iframe, widget, single-sign-on, openid-connect, banno-digital-toolkit

Authentication retry fails inside Banno widget


To make it possible for users to retry authentication (including inside the widget on the dashboard), we placed a redirect URI hyperlink, which triggers user authentication. But when trying to authenticate via this hyperlink, the Banno server responds with a 400 status code.

Authentication process scenario

Important details

I reproduced the issue in the repository I cloned from the "Simple Plugin Example". Repo hyperlink: https://github.com/Alexandr-Safariantc/banno-simple-plugin-example/tree/Reproducing-authentication-retry-failure-inside-banno-widget

Branch name: Reproducing-authentication-retry-failure-inside-banno-widget

Please find the detailed information in the README file.


Solution

  • Looking at the logs after reproducing, I believe the issue is a browser restriction with 3rd-party cookies. Since the plugin is hosted on a domain unrelated to the authentication, the authentication server cannot set a cookie (e.g. the plugin is hosted on https://example.com/, which redirects to https://fi-domain.com/a/consumer/api/v0/auth; since the flow was initiated from example.com, the next URL cannot set cookies).

    2 solutions for now:

    1. If there's an issue and the auth flow needs to be reinitiated, have the user refresh the page OR pull-to-refresh on mobile.

    2. Host the plugin at a similar domain to the FI so that 3rd-party cookies don't apply.
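The following is an added example, not code from this thread, from Banno, or from the linked plugin repository. It models the reasoning in the answer above: compare the site that initiated the auth flow (where the plugin is hosted) with the site of the authentication server, classify the resulting cookie as first-party or third-party, and pick the recovery path the answer recommends (an in-widget retry link only where the auth server can set its cookie, otherwise a page refresh). The "site" comparison uses the scheme plus registrable domain; the registrable-domain logic is a deliberate simplification (last two labels plus a tiny constructed suffix set) and production code should use the full Public Suffix List. All URLs in the sample cases are constructed.

```javascript
// Added example: classify whether the auth server's cookie would be
// first-party or third-party relative to the site that started the flow.
// Assumption (not from the thread): a cut-down Public Suffix List. Real code
// should use the full list (e.g. the `psl` package) instead of this set.
const KNOWN_MULTI_LABEL_SUFFIXES = new Set(['co.uk', 'com.au', 'co.jp']);

// Registrable domain (eTLD+1): the part of the hostname that cookies are
// scoped to for the purpose of "same-site" checks.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split('.').filter(Boolean);
  if (labels.length < 2) return labels.join('.');
  const lastTwo = labels.slice(-2).join('.');
  // If the last two labels are themselves a public suffix (co.uk), keep three.
  if (KNOWN_MULTI_LABEL_SUFFIXES.has(lastTwo) && labels.length >= 3) {
    return labels.slice(-3).join('.');
  }
  return lastTwo;
}

// "Site" in the schemeful sense: scheme + registrable domain. http:// and
// https:// versions of the same domain are treated as different sites.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${registrableDomain(u.hostname)}`;
}

// Where a Set-Cookie from authUrl lands when the flow was started from
// initiatorUrl (the page hosting the plugin), per the answer's framing.
function cookieContext(initiatorUrl, authUrl) {
  return siteOf(initiatorUrl) === siteOf(authUrl) ? 'first-party' : 'third-party';
}

// Recovery path per the two options in the answer: a retry link inside the
// widget is only viable when the cookie is first-party; otherwise the user
// must refresh (or pull-to-refresh on mobile) to restart the flow top-level.
function recoveryAction(initiatorUrl, authUrl) {
  const context = cookieContext(initiatorUrl, authUrl);
  const action = context === 'first-party' ? 'retry-link' : 'refresh-page';
  return { context, action };
}

// Constructed sample deployments: the unrelated-domain case from the answer,
// and the "host the plugin near the FI domain" alternative it suggests.
const SAMPLE_CASES = [
  ['https://example.com/dashboard', 'https://fi-domain.com/a/consumer/api/v0/auth'],
  ['https://plugins.fi-domain.com/widget', 'https://fi-domain.com/a/consumer/api/v0/auth'],
  ['http://plugins.fi-domain.com/widget', 'https://fi-domain.com/a/consumer/api/v0/auth'],
];

function evaluateSamples() {
  return SAMPLE_CASES.map(([initiator, auth]) => ({
    initiator,
    ...recoveryAction(initiator, auth),
  }));
}

for (const result of evaluateSamples()) {
  console.log(`${result.initiator} -> ${result.context}: ${result.action}`);
}
```

The third sample shows a subtle variant of the same problem: hosting the plugin on the FI's domain but over plain http still yields a cross-site context under schemeful same-site rules, so the retry link would fail there as well.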