Error: did not find expected authorization request details in session

I’m trying to reproduce the sample Express app shown here:

However, after signing in, I am getting this error:

Error: did not find expected authorization request details in session, req.session["oidc:"] is undefined
    at C:\my_stuff\okta_test\node_modules\openid-client\lib\passport_strategy.js:126:13
    at OpenIDConnectStrategy.authenticate (C:\my_stuff\okta_test\node_modules\openid-client\lib\passport_strategy.js:174:5)
    at attempt (C:\my_stuff\okta_test\node_modules\passport\lib\middleware\authenticate.js:366:16)
    at authenticate (C:\my_stuff\okta_test\node_modules\passport\lib\middleware\authenticate.js:367:7)
    at Layer.handle [as handle_request] (C:\my_stuff\okta_test\node_modules\express\lib\router\layer.js:95:5)
    at trim_prefix (C:\my_stuff\okta_test\node_modules\express\lib\router\index.js:317:13)
    at C:\my_stuff\okta_test\node_modules\express\lib\router\index.js:284:7
    at Function.process_params (C:\my_stuff\okta_test\node_modules\express\lib\router\index.js:335:12)
    at next (C:\my_stuff\okta_test\node_modules\express\lib\router\index.js:275:10)
    at SessionStrategy.strategy.pass (C:\my_stuff\okta_test\node_modules\passport\lib\middleware\authenticate.js:343:9)

Here is what my app.js file looks like:


var createError = require('http-errors');
var express = require('express');
const session = require('express-session');
const { ExpressOIDC } = require('@okta/oidc-middleware');

var app = express();

const sessionConfig = {
  secret: process.env.APP_SECRET,
  resave: true,
  saveUninitialized: false

const oidc = new ExpressOIDC({
  issuer: `${process.env.OKTA_ORG_URL}/oauth2/default`,
  client_id: process.env.OKTA_CLIENT_ID,
  client_secret: process.env.OKTA_CLIENT_SECRET,
  appBaseUrl: process.env.HOST_URL,
  scope: 'openid profile'


app.get('/', (req, res) => {
  if (req.userContext) {
      Hello ${}!
      <form method="POST" action="/logout">
        <button type="submit">Logout</button>
  } else {
    res.send('Please <a href="/login">login</a>');

module.exports = app;

Hello! You have two forward slashes in the URL after the top level domain. Could be the root of your issue.

Good eye! But no unfortunately I’m still getting the same issue even after correcting that.

@Cale is there any chance that the “default” Authorization Server needs to be configured in a different way? It currently has all default values. Is there a way I can test to see whether or not the issue is on that end?

@andrew_plowright It shouldn’t have to do with your auth server config.

I just setup the sample myself and am not having issues. I see someone else had a similar issue at one point, perhaps their solution would help in your case?

Another option is to check out running auth-js in node here: okta-auth-js/samples/generated/express-web-with-oidc at master · okta/okta-auth-js · GitHub