I have a single page app using Okta for authentication and I’m trying to improve the experience on opening a new window. We just need the auth and id tokens.
There is a three-step process:
1. Use tokenManager to check for an available token. It will only return them if they aren't expired.
2. If no tokens, token.getWithoutPrompt in case there is still a session out there. If there is, we can get the tokens without redirecting.
3. If all else fails, the user is not authenticated, so token.getWithRedirect.
I am tearing my hair out because I think I have this down to the simplest possible logic, yet sometimes it still fails.
The failure seems to take the form of token.getWithoutPrompt failing silently, so we don't know we have to redirect. Generally, if the user needs to log in we'll see 'error.errorCode: login_required, error.description: The client specified not to prompt, but the user is not logged in.', which takes us into the reject, which will then getWithRedirect. We can see this in the console as well, so that's how we noticed it wasn't happening sometimes.
In the failure case I don't see this getting thrown, and it is exiting without redirecting, so I'm left with no tokens.
The response from the call to getWithoutPrompt (/auth in an iframe) looks the same as it does any other time the user needs to log in.
The only thing I see that is different is that, consistently in the cases that fail, instead of &response_type=token%20id_token it is getting called with just &response_type=token. I'm always specifying both in the oauthOptions.
Has anyone seen this? Why is the error not getting thrown? I was thinking of just going over it again until it works, but that seems silly. It should fail successfully and predictably when there is no session.
This seems to happen first thing in the morning for people, but also randomly at intervals. I am at a loss.
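One way to write the three-step flow described in the post so that it fails closed when the silent call resolves without both tokens, as an added example that is not code from the original post. It assumes the promise-based okta-auth-js methods the post names (tokenManager.get, token.getWithoutPrompt, token.getWithRedirect) and that getWithoutPrompt rejects with an error whose errorCode is 'login_required' when no session exists; the two result shapes handled by normalizeTokens are also assumptions.

```javascript
// Assumes the promise-based okta-auth-js API named in the post: tokenManager.get(key),
// token.getWithoutPrompt(opts), token.getWithRedirect(opts); getWithoutPrompt is assumed
// to reject with an error carrying errorCode 'login_required' when there is no session.
const OAUTH_OPTIONS = { responseType: ['token', 'id_token'], scopes: ['openid', 'email'] };

// Accepts either result shape: an array of token objects or { tokens: {...} } (assumption).
function normalizeTokens(result) {
  if (Array.isArray(result)) {
    return { accessToken: result.find((t) => t && t.accessToken),
             idToken: result.find((t) => t && t.idToken) };
  }
  return (result && result.tokens) || {};
}

// Returns { outcome: 'cached' | 'silent' | 'redirect', ... } so the caller can verify.
async function acquireTokens(authClient, oauthOptions = OAUTH_OPTIONS) {
  // Step 1: tokenManager only hands back tokens that are not expired.
  const accessToken = await authClient.tokenManager.get('accessToken');
  const idToken = await authClient.tokenManager.get('idToken');
  if (accessToken && idToken) return { outcome: 'cached', tokens: { accessToken, idToken } };

  // Step 2: try the existing Okta session silently (hidden iframe).
  let result;
  try {
    result = await authClient.token.getWithoutPrompt(oauthOptions);
  } catch (err) {
    if (err && err.errorCode === 'login_required') {
      await authClient.token.getWithRedirect(oauthOptions); // Step 3
      return { outcome: 'redirect', reason: 'login_required' };
    }
    throw err; // any other error is a real failure; do not mask it
  }
  // Fail closed: a resolved promise is not proof of authentication. Accept the
  // result only if BOTH requested tokens are present; otherwise treat the user
  // as unauthenticated exactly as if login_required had been thrown.
  const tokens = normalizeTokens(result);
  if (tokens.accessToken && tokens.idToken) {
    authClient.tokenManager.add('accessToken', tokens.accessToken);
    authClient.tokenManager.add('idToken', tokens.idToken);
    return { outcome: 'silent', tokens };
  }
  await authClient.token.getWithRedirect(oauthOptions); // Step 3
  return { outcome: 'redirect', reason: 'incomplete_token_set' };
}
```

Logging the outcome and reason on every page load makes the intermittent case visible without relying on the iframe error reaching the console.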