When I submit by the form approach, it sets the cookie successfully. However, when I call other APIs, it doesn’t send the cookie automatically. So since the form submission work, can I access the cookie somehow?
The app on the freshworks platform that renders in the iframe in the browser has the following restrictions for a ticket sidebar:
allow-popups,allow-modals ,allow-downloads are others not helpful for our discussion.
Coming to your requirement – as I understand it — As soon as the app renders within the Freshdesk, it should trigger SSO flow and access different content in the iframe. Authorized tokens would be needed to consume an API you want from the app.
The app is rendered from subdomain.app-platform.com will treat the cookies set after SSO as third-party cookies set (even with Set-Cookie: session=your_session; SameSite=None; Secure ) on subdomain.freshdesk.com. Because the iframe is restricted by sandbox attribute without allow-top-navigation (can only get not set with this attribute) with different origins of parent and iframe src, the app cannot access cookies to be sent along with the requests via Request Method (Or platform should explore a way to accomplish it and make it available for the app developers).
I am not a expert, but here were there references I’ve used to extend help: