Hello,
Can you try the suggestion from this GitHub issue and see if it resolves your issue?
opened 08:27PM - 11 Sep 18 UTC
closed 10:58PM - 01 Nov 18 UTC
When we are using the token.getWithoutPrompt method from the OktaAuth object to … request a new access token with a specific scope for the user we are getting an OAuth flow timed out error message. It appears that in the method addPostMessageListener/responseHandler from token.js e.origin never matches the sdk.options.url that we are using causing the handler to return without resolving the promise. If I comment out the validation of the origin we get the new access token.
Does the validation need to be modified to make sure that the sdk.options.url includes the value of e.origin or is there something that we are doing wrong when setting up our OktaAuth object?
For example when debugging we will see values like the following.
e.origin = https://some.oktapreview.com
sdk.options.url = https://some.oktapreview.com/oauth2/{authorization_server_id}
Method from okta-auth-js.min.js / token.js
```
function addPostMessageListener(sdk, timeout, state) {
var deferred = Q.defer();
function responseHandler(e) {
if (!e.data ||
e.origin !== sdk.options.url ||
(e.data && util.isString(state) && e.data.state !== state)) {
return;
}
deferred.resolve(e.data);
}
oauthUtil.addListener(window, 'message', responseHandler);
return deferred.promise.timeout(timeout || 120000, new AuthSdkError('OAuth flow timed out'))
.fin(function() {
oauthUtil.removeListener(window, 'message', responseHandler);
});
}
```
Our script to make the request…
```
var authClient = new OktaAuth({
url: 'https://some.oktapreview.com/oauth2/{authorization_server_id}', //using a specific auth server
clientId: clientID,
redirectUri: redirectURL
})
authClient.token.getWithoutPrompt({
responseType: 'token',
responseMode: 'fragment',
scopes: ['newScope']
})
.then(function(tokenOrTokens) {
console.log('Token',tokenOrTokens);
})
.catch(function(err) {
console.log('Err',err);
});
```
Thanks