I am currently using the Okta SignIn widget for a SPA to have users log in and redirect back to our App. The widget seems to be mostly working, access and ID tokens are being sent back with a successful login and redirect. When a user who is not assigned to the app tries to log in, they still redirect, but are not given a token, and the access denied error is fed back through the URL (“access_denied&error_description=User+is+not+assigned+to+the+client+application.”). After getting a few questions answered by support, it would appear that this is intended behavior, and it is up to us to handle the information and deny the login.
I have been looking through the SignIn widget GitHub, and it looks like this authentication failure should be pushed back and displayed on the widget (see below).
function error(err) {
    // The widget will handle most types of errors - for example, if the user
    // enters an invalid password or there are issues authenticating.
    //
    // This function is invoked with errors the widget cannot recover from:
    // 1. Known errors: CONFIG_ERROR, UNSUPPORTED_BROWSER_ERROR, OAUTH_ERROR
    // 2. Uncaught exceptions
}
So does anyone know if there is a way to display the authentication error on the widget like the GitHub states? Or at the very least, a way to feed that information back to the user when they get the authorization error, short of redirecting back to the login when no access token is present and displaying a pop-up?
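
One way to read the error off the redirect URL and show it on the login page, as an added example that is not part of the original post and not Okta's code. The function names, the message table and the `app.example.com` URL are hypothetical; it assumes the error parameters arrive in the URL fragment or query string, and it treats `error_description` as untrusted input because anyone who crafts a link controls it.

```javascript
// Added example: parseOAuthError, showLoginError and FRIENDLY are hypothetical names.
const FRIENDLY = {
  access_denied: 'Your account is not assigned to this application. Contact your administrator.',
};

// Extract an OAuth 2.0 error response from a redirect URL. Depending on the
// response mode the parameters arrive in the fragment (#) or the query (?).
function parseOAuthError(redirectUrl) {
  const url = new URL(redirectUrl);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ''));
  const params = fragment.has('error') ? fragment : url.searchParams;
  const code = params.get('error');
  if (!code) return null; // no error: continue with normal token handling

  // error_description is taken from the URL, so it is attacker-controllable.
  // Strip control characters, cap the length, and never insert it as HTML.
  const description = (params.get('error_description') || '')
    .replace(/[\u0000-\u001f\u007f]/g, '')
    .slice(0, 200);

  // Show a fixed message chosen by error code; keep the raw text for logging.
  const message = Object.prototype.hasOwnProperty.call(FRIENDLY, code)
    ? FRIENDLY[code]
    : 'Sign-in failed. Please try again.';
  return { code, message, description };
}

// Write the message into an element as text (textContent, not innerHTML).
function showLoginError(element, redirectUrl) {
  const err = parseOAuthError(redirectUrl);
  if (!err) return false;
  element.textContent = err.message;
  return true;
}

// Constructed sample, built from the error string quoted in the post.
const sample = 'https://app.example.com/callback#error=access_denied' +
  '&error_description=User+is+not+assigned+to+the+client+application.';
console.log(parseOAuthError(sample));
```

In the browser, `showLoginError(document.getElementById('login-error'), window.location.href)` would run on the callback page before any token handling; the element id is a placeholder.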