Implicit flow with - Vanila JS example - AuthSdkError Unable to parse a token from the url

Hi there,

I have been following example of implementing implicit flow from here.

I’ve also taken an example of how to parse token from Vanilla JS example. Specifically this part:

if (oktaSignIn.token.hasTokensInUrl()) {
    oktaSignIn.token.parseTokensFromUrl(

So when the request comes back from OKTA login page, i.e. https://dev-663739.oktapreview.com/oauth2/default/v1/authorize?client_id={client_id}}&response_type=token+id_token&scope=openid+email&redirect_uri={redirect_uri}&state={some_state_string}&nonce=ccDkLo1253ae

I get all correct query strings with values:

id_token={id_token_value…}
&access_token={access_token…}
&token_type=Bearer
&expires_in=3600
&scope=openid+email
&state={state}

But when I try to parse this with oktaSignIn.token.parseTokensFromUrl it ends up in throwing error:

name: “AuthSdkError”, message: “Unable to parse a token from the url”, errorCode: “INTERNAL”, errorSummary: “Unable to parse a token from the url”, errorLink: “INTERNAL”

One other note, if I just render widget on my site without redirecting to OKTA for login, then same code parses all tokens fine.

oktaSignIn.renderEl(
{ el: '#sign-in-container' },
function success(res) { },
function error(err) {
console.error(err);
}
);

Here is the full JS that I use:

var oktaSignIn = new OktaSignIn({
baseUrl: 'https://dev-663739.oktapreview.com',
clientId: '{client_id}',
redirectUri: '{redirect_uri}',
authParams: {
    issuer: 'https://dev-663739.oktapreview.com/oauth2/default',
    responseType: ['token', 'id_token'],
    display: 'page'
}
});

if (oktaSignIn.token.hasTokensInUrl()) {
oktaSignIn.token.parseTokensFromUrl(
    // If we get here, the user just logged in.
    function success(res) {
        var accessToken = res[0];
        var idToken = res[1];

        oktaSignIn.tokenManager.add("accessToken", accessToken);
        oktaSignIn.tokenManager.add("idToken", idToken);

        oktaSignIn.session.get(function (res) {
            if (res.status === 'ACTIVE') {
                // do something with active in user
            }
        });
    },
    function error(err) {
        console.error(err);
    }
);
} else {
oktaSignIn.session.get(function (res) {
    // If we get here, the user is already signed in.
    if (res.status === 'ACTIVE') {
        // do something with active in user
    }

    // redirect to OKTA login page to sign in
    //https://dev-663739.oktapreview.com/oauth2/default/v1/authorize?client_id={client_id}}&response_type=token+id_token&scope=openid+email&redirect_uri={redirect_uri}&state={some_state_string}&nonce=ccDkLo1253ae
});

I debugged a bit, seems the issue is with okta-oath-redirect-params cookie not being set. This is also mentioned here https://github.com/okta/okta-signin-widget/issues/525.

Any idea why it does not happen?