Most of the time the login works well, and occasionally we get the following error:
{"error":"invalid_grant","error_description":"The authorization code is invalid or has expired."}
We use Okta for our SPA built using React and use the Okta Sign in widget code for custom login screen.
This doesn’t happen often, but it seems to be the case at times, and it is pretty annoying that one has to log in again.
Steps to go about:
The user has logged in to the app and everything works fine. After a long period of inactivity (> a couple of hours) on the app, the user is redirected to /login; after entering valid details, the POST /token API returns a 400 status code with the above JSON response, and there is a redirection to /implicit/callback which says “ApiAuthError”. The user now has to manually go back to the / page, which then takes the user to the /login route, which loads the Okta sign-in widget again asking for a relogin.
Is there something that I’m missing on the SPA side? Any help is much appreciated!
PS: Our sign-in widget code uses the sample code put up on the sign-in widget GitHub sample repo.
Well, as I said, I can only recommend capturing your traffic in the browser network tab at the moment when it occurs and then analyzing what has been sent and received.
For the first error, double check that the Okta config for the widget and the one for React both reference the same issuer. The initial login may be able to successfully get tokens for the user, but it sounds like the renewal of the tokens is failing.
For the second error, this also sounds like you’re running into it when the SDK attempts to autoRenew tokens for the user. You may need to update the versions of the React and AuthJS SDKs to resolve it.