Handling Session Expiry and Improving User Experience in Passwordless Authentication Flow with Okta

We are implementing a passwordless authentication flow without MFA or security questions for both sign-in and sign-up using the Okta Identity Engine, the Okta SDK for Angular (@okta/okta-angular v6.2.0), and Auth JS (@okta/okta-auth-js v7.4.2).

The Okta admin console is configured to use the Email authenticator for authentication and recovery, with an email challenge lifetime of 5 minutes (default). For code verification, we use the oktaAuth.idx.proceed({ code }) method, which calls the /idp/idx/challenge/answer API.

An issue arises when the code is entered after the 5-minute challenge lifetime has expired. In such cases, the answer API call succeeds, but the response contains the message: “Your session has expired. Please try to sign in again,” along with the i18n error key: error.expired.session. This creates a suboptimal user experience since the API response indicates success, but the session is considered expired.

We are looking for guidance on how to address this issue and enhance the user experience. Additionally, is there a method in the SDK to check whether the session is active in this situation? Please find the screenshot of the answer API response for reference.

Hi,

okta-auth-js does have functions to get data about sessions, which can be used to check whether the session is expired or not.

Though it would be better if you can just rely on the IDX transaction object to handle such edge-case scenarios. Even though idx.proceed with the Email OTP will not result in a 4xx error, the transaction object will have the session expired message. You can leverage this messages object to handle the UI for the end users.
