Goal
Avoid showing the “User is not assigned to the client application” screen using the OktaSignIn widget when a global Okta session is active, but the current user doesn’t have application access.
Setup
- You have 2 SPA applications in Okta
- Each application has 1 group of users assigned
- You are using OktaSignIn Widget for both applications
Issue
When going to the domain of application 1, you want to check if there is a global session.
- If the session is active, you want them to log in.
- The login fails with an “access_denied” message, because the global session is from user A, who doesn’t have access to application 1 but has access to application 2, from which the global session was created.
That is fine and correct, but instead of showing the widget with the error message, we want to show the widget with username and password inputs, so the user can type in the email of user 2, who has access to application 1. Clicking the Back to sign in page also doesn’t work because the Okta widget is still using the active global session.
How can we make the widget not check the global session when we get the access_denied error?