I’m using @okta/okta-auth-js
client for signing in to my website with Okta users.
const authOktaClient = new OktaAuth({
issuer: oktaData.issuer,
clientId: oktaData.clientId,
redirectUri: beUrl + '/okta/callback`,
responseType: 'code',
pkce: false
});
authOktaClient.token.getWithPopup({
prompt: 'login'
}).then(res => {
let tokens = res.tokens;
authOktaClient.tokenManager.setTokens(tokens);
cb(null, tokens);
}, err => {
cb(err);
});
At the beginning I received an authorization code request form Okta to my BE and successfully converted it to the Okta access_token. For all sequential calls I see an Okta popup with hardcoded username that cannot be changed and when I enter a password the Okta completely bypasses my BE, redirects to the blank page and hangs up there:
https://mydomain.okta.com/login/step-up/redirect?stateToken=00g4GtzI98_asoZlkxIFg89xwOKO2fBsO7PvL_SpIw
Cleaning browser cache doesn’t help.