403 after token expired

matheusgois · February 1, 2022, 2:34pm

Hi,

I’m facing 403 error after my accessToken is expired and try to redirect to /login/callback, I’ve implemented some debug and console.log to check where was the issue:

After I go through the devTools>Application and delete all the cookie related at okta, my browser works fine.

What can I do to fix this issue? I’ve tried reloading, clean token, etc… and doesn’t work.

Environment::
“@okta/okta-angular”: “^5.0.0”,
“@okta/okta-auth-js”: “^5.10.0”,

andrea · February 3, 2022, 4:58pm

Are you combining an Angular SPA with a backend that’s receiving the Access Tokens (where the 403 could logically come from)? What is causing the application to attempt to redirect to /login/callback instead of to a login route for the app to initiate a new OAuth flow?

matheusgois · February 3, 2022, 5:05pm

Yes, I’m using backend to validate de token but after my token expired, I’m trying to redirect to my login page(callback is redirecting it) with redirect_uri.

andrea · February 3, 2022, 6:53pm

Are you catching the error when the backend throws a 403 at all? Should be simple enough to do so and redirect users encountering the 403 back to your application’s login page (which should not be the same thing as the callback route).

matheusgois · February 3, 2022, 7:09pm

It’s not too simple because when I catch the 403 I can’t delete the cookies and the Okta is handling the redirect route with params like this:

https://</url/>/login/callback?code=</code/>&state=VMhgbfDUIz68IegUoeJTWugdbr358V0rOvSI1DYOKxdoxlcAKXxdZNa8PKZ9h8wz

How can I stop this redirect with params though?

andrea · February 3, 2022, 7:24pm

oh, so you’re seeing an authorization code sent back to the callback? I’m guessing you also see an /authorize request in the network events that lead to this redirect. This looks like we’re already trying to renew the tokens for the user.

Is the callback route able to make the /token request to exchange the authorization code for tokens? or is the last request to Okta you see an /authorize call?

matheusgois · February 3, 2022, 7:45pm

Is the callback route, I’m using the OktaCallbackComponent to do it.

I’ve called /authorize when I login:

And then request to redirect:

matheusgois · February 4, 2022, 4:43pm

I’ve tried to redirect to my login page but I always get the navigation by okta and then get 403

Post		Replies	Views
400 Bad Request Page - Only after the idtoken expires OAuth/OIDC	3	3466	February 6, 2024
Expired token and old URL Questions	2	3395	January 26, 2024
When I leave my app Idle, and return to it after a long wait, instead of being redirected to the loing page, I'm getting a 400 error Questions dotnet , vue	2	3531	February 8, 2024
tokenManager.on('expired', callback): page redirected before callback finishes Questions	1	3255	January 25, 2024
Access Token expired when opening app in Okta Questions	2	4741	January 17, 2024

403 after token expired

Related topics