Authorisation code error

Most of the time the login works well, but occasionally we get the following error:

{"error":"invalid_grant","error_description":"The authorization code is invalid or has expired."}

We use Okta for our SPA built using React and use the Okta Sign in widget code for custom login screen.

This doesn’t happen often, but it does happen at times, and it is pretty annoying that one has to log in again.

Steps to go about:
The user has logged in to the app and it works fine. After a long period of inactivity (> a couple of hours) on the app, the user is redirected to /login; after entering valid details, the POST /token API returns a 400 status code with the above JSON response, and there is a redirection to /implicit/callback which says “ApiAuthError”. The user now has to manually go back to the / page, which then takes the user to the /login route, where the Okta sign-in widget loads again asking for a relogin.

Is there something that I’m missing to do on the SPA side? Any help is much appreciated!

PS: Our sign in widget code uses the sample code put up on the sign in widget github sample repo.

Are you doing the PKCE flow (just to confirm)? Also, at this point you may want to capture traffic to see this situation and to inspect requests/responses.

Yes. We use PKCE flow. And it is more obvious when the user is logged in incognito… After 60mins the error occurs.

Also, I get

error: "invalid_grant",
error_description: "PKCE verification failed."

after 60mins of auth session.

Well, as I said, I can only recommend capturing your traffic in the browser network tab at the moment when it occurs and then analyzing what has been sent and received.


For the first error, double check that the Okta config for the widget and the one for React both reference the same issuer. The initial login may be able to successfully get tokens for the user, but it sounds like the renewal of the tokens is failing.

For the second error, this also sounds like you’re running into it when the SDK attempts to autoRenew tokens for the user. You may need to update the versions of the React and AuthJS SDKs to resolve it.

Take a look at this related Github Issue for context: https://github.com/okta/okta-oidc-js/issues/804#issuecomment-669312001


Oh yes, updating the okta packages did work! Thank you so much y’all!