According to the documentation, our problem is that
Starting with Jive version 4.5.7, all Jive cookies that are set by the server (not via the client or browser) have the HttpOnly flag.
Since that flag is set, the JS SDK does not pick up the cookie, and hence our calls to the 3rd party fail as unauthorized. Some research shows that Jive is setting the HttpOnly flag via an Apache rewrite rule. We are in touch with hosting to see if the rewrite rule can be altered to set the required cookie as non-HttpOnly. However, since this seems like a fairly generic pain point, we are curious to hear the community's thoughts on this. Has anyone out there run into this problem before, and if so were you able to address the issue without involving hosting and changing the Apache configuration?
For future reference: We were unable to identify alternative approaches, so we ended up having hosting adjust the Apache configuration in both UAT and PRO environments. With the change they made, we are now able to set the cookie without the httpOnly flag being set. Apache supports both hard-coded cookie names as well as cookie name patterns, which was helpful in our case since the name of the cookie we are dealing with is auto-generated but stays within a defined naming convention.