Idx.authenticate flow gets uncaught AuthSdkError

I’m performing an idx.authenticate flow and intentionally entering an incorrect password.

The first login attempt fails as expected and the IdxTransaction response object contains a normal nextStep to enter password.

The second login attempt receives an uncaught AuthSdkError which reads:

remediate.ts:147 Uncaught (in promise) AuthSdkError:
No remediation can match current flow, check policy settings in your org.
Remediations: [select-authenticator-unlock-account]

at remediate (remediate.ts:147:11)
at remediate (remediate.ts:186:10)
at async getDataFromRemediate (run.ts:188:7)
at async run (run.ts:311:10)
at async Proxy.passwordAuthentication (ContextStore.ts:30:41)
at async onSubmit (AuthenicateRoute.vue:123:3)

This makes some sense because I would expect the select-authenticator-unlock-account remediation to only be available in the idx.unlockAccount flow; however, I’m uncertain why the error is unhandled and what I’m supposed to do on my end to handle it. Am I supposed to catch the exception and trigger an idx.unlockAccount flow? Or is the authenticate flow supposed to catch this exception and return a messages attribute with an error message saying the account is locked?

In the Okta Admin Console I have the following settings:

  1. Authenticators > Password > Password Settings:
  • Lock out user after 2 unsuccessful attempts
  • Show lock out failures
  1. Under the Default rule for the Password authenticator any user can perform password change, password reset, and unlock account. They can initiate recovery with email and no additional verification is required.