After session timeout then reloading the page, error message about client specified not to prompt

It seems that after this series of steps, we get this error message on every user’s console.
We’re using the latest okta-signin-widget, okta-auth-js, and okta-react libraries.

1. Session times out
2. Revisit the site
3. Get redirected to the login page but with error message in console:
   “The client specified not to prompt, but the user is not logged in”

Functionality seems to be working fine but this error message makes me wonder if something is not acting as it should.

Can you explain what can cause this?
We are not in incognito mode nor blocking third party cookies.

Hi there. This is an expected error in the scenario laid out above. It comes from the getWithoutPrompt method in authjs when autorenew fires:

Essentially your tokens also expired and in order to try and retrieve fresh ones, autorenew runs getWithoutPrompt. This is an OIDC flow called in an iframe without prompting the user. In order to succeed, however, this method needs an active Okta session cookie. Because yours is expired, it throws that error in the console.

So this behavior is expected, but yet an error is logged? Is there a way to silence unnecessary error logging then? When dealing with production issues, unnecessary errors being logged can be distracting.

Or am I misinterpreting and we should be making a change on our end?

Since autorenew is running in “the background”, it would be best to display an error when it fails. If you don’t think you are using the autorenew functionality you could always disable it (by not initiating it).

Okay and just to verify…this is an expected failure and not something we should be concerned about? We are using autoRenew when a user is logged in. This failure is really just in a situation where there is nothing to renew.

@Cale To piggyback on this issue (but do tell me if I should start my own) we’re seeing this unhandled exception too and I understand it’s a bit of a red-herring. But for us, the users are stuck on a blank page and do not get forwarded to the Okta-hosted widget at all.

We use Angular and RouteGuards on the home page to force a log-in automatically which is a bit different than most examples though. Is there any special treatment needed to make sure they are actually forwarded to the login widget if it’s on the home route? Thanks in advance!

@Cale We are using autorenew functionality. I would expect that if the token is “renewable” then it would renew, and if it’s not renewable (because it’s been expired for too long?) then it would just bring the user to the login page. I’m really not following why an error would get logged.

Just looked and looks like a new github issue has been started about this: Uncaught (in promise): OAuthError: The client specified not to prompt, but the user is not logged in. · Issue #977 · okta/okta-auth-js · GitHub

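An added example, not part of the thread and not Okta's own code: one way an application could separate the expected "no session" failure of the silent (prompt=none) renew described above from real renew errors, and send the user to interactive login instead of leaving an unhandled rejection. It assumes `authClient` is an okta-auth-js `OktaAuth` instance and that the error arrives as an `OAuthError` with `errorCode` set to `login_required`; `classifyRenewError` and `renewOrLogin` are hypothetical helper names.

```javascript
// Added example: decide what to do when a silent (prompt=none) renew fails.
// Assumption: `authClient` is an OktaAuth instance from okta-auth-js.
// `classifyRenewError` and `renewOrLogin` are hypothetical helper names.

// OIDC error codes meaning "cannot finish without showing the user a screen".
const NEEDS_INTERACTION = new Set([
  'login_required',        // no active session at the IdP (this thread's case)
  'interaction_required',
  'consent_required',
]);

// Returns 'reauthenticate' for the expected no-session case, 'report' otherwise.
function classifyRenewError(err) {
  const code = err && err.errorCode;
  if (err && err.name === 'OAuthError' && NEEDS_INTERACTION.has(code)) {
    return 'reauthenticate';
  }
  return 'report'; // network faults, misconfiguration, anything unexpected
}

// Try a silent renew; on an expired session fall back to interactive login.
async function renewOrLogin(authClient, log = console) {
  try {
    const { tokens } = await authClient.token.getWithoutPrompt();
    authClient.tokenManager.setTokens(tokens);
    return 'renewed';
  } catch (err) {
    if (classifyRenewError(err) === 'reauthenticate') {
      // Expected after a session timeout: log at info level, not error.
      log.info('Okta session ended; redirecting to interactive login');
      authClient.tokenManager.clear(); // drop the expired tokens
      await authClient.signInWithRedirect();
      return 'redirected';
    }
    // Anything else is a genuine failure and should stay visible.
    log.error('Silent token renew failed', err);
    throw err;
  }
}
```

Only the session-related codes are downgraded; every other failure is still logged as an error and rethrown, so real renew problems remain visible in production logs.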