Inconsistent User Login Behavior in Django with Okta Integration

Dear Okta Dev Community,

I hope this message finds you well. I am reaching out to seek assistance regarding an issue we are facing with user login behaviour in our Django application integrated with Okta.

Problem Statement:

When attempting to log in a second user immediately after the first user, the system consistently returns the details of the initial user, despite receiving a different access token. Surprisingly, this issue is not encountered when attempting the same process after a considerable delay of approximately three hours.

Relevant Context:

  1. The Django application utilizes Okta for user authentication.
  2. We observe the correct issuance of distinct access tokens for each login attempt.
  3. The tokens retrieved exhibit the correct user details for the initial login.
  4. The issue seems to persist for a specific period, approximately three hours, after which subsequent logins behave as expected.

Code Snippet in Python (Django):

# OktaLoginAPIView for user authentication
import logging
import secrets
from urllib.parse import urlencode

import requests
from django.conf import settings
from django.http import JsonResponse
from rest_framework import status
from rest_framework.permissions import AllowAny
from rest_framework.views import APIView

logger = logging.getLogger(__name__)


class OktaLoginAPIView(APIView):
    # Login endpoint: no authentication required, open to anonymous callers
    authentication_classes = []
    permission_classes = [AllowAny]

    def post(self, request):
        try:
            # Extracting user credentials from the request
            username = request.data.get('username')
            password = request.data.get('password')

            # Initiating Okta authentication (primary authentication API)
            authn_url = f'https://{settings.OKTA_HOST}/api/v1/authn'
            authn_payload = {'username': username, 'password': password}
            authn_headers = {'Content-Type': 'application/json'}
            authn_response = requests.post(authn_url, json=authn_payload, headers=authn_headers, timeout=10)
            authn_response.raise_for_status()
            session_token = authn_response.json().get('sessionToken')
            if not session_token:
                # e.g. MFA_REQUIRED or PASSWORD_EXPIRED: no session token was issued
                return JsonResponse({'error': 'Authentication not completed.', 'status': False},
                                    status=status.HTTP_401_UNAUTHORIZED)

            # Building authorization parameters; the one-time sessionToken
            # establishes the Okta session for the browser that follows the redirect
            authorize_url = f'https://{settings.OKTA_HOST}/oauth2/default/v1/authorize'
            dynamic_state = secrets.token_urlsafe(16)
            auth_params = {
                'client_id': settings.OKTA_WEB_CLIENT_ID,
                'response_type': 'code',
                'scope': 'openid profile email offline_access',
                'redirect_uri': settings.OKTA_PASSWORD_REDIRECT_URI,
                'state': dynamic_state,
                'sessionToken': session_token,
            }

            # Constructing the redirect URL; urlencode() percent-encodes the values
            # (redirect_uri and scope contain ':', '/' and spaces that must not be
            # placed raw in a query string)
            redirect_url = f'{authorize_url}?{urlencode(auth_params)}'

            return JsonResponse({'status': True, 'data': {'redirect_url': redirect_url}}, status=status.HTTP_200_OK)

        except requests.exceptions.RequestException as e:
            # Handling authentication error without echoing Okta's response to the client
            error_message = 'An error occurred during login.'
            logger.exception('Error handling login: %s', e)
            return JsonResponse({'error': error_message, 'status': False}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)

Request for Assistance:

We kindly request your guidance in identifying the root cause of this issue and providing recommendations for resolution. I think the problem I am getting is in the session. Additionally, any insights into the potential reasons for the delay in behavior normalization after three hours would be greatly appreciated.

Hi @satyajit-marsdevs, this appears to be due to the fact that the session cookie is being used over the session token, which could be as a result of not logging out of the previous session before establishing a new session as a new user. Please refer to the following documentation to clear the Okta session along with the application session at logout. Please let me know if this helps.

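The reply above recommends clearing the Okta session together with the application session at logout. The following is an added example illustrating that advice; it is not the poster's code, not the Okta SDK, and not taken from the documentation the reply refers to. It assumes the org uses the `default` authorization server, that the ID token from login was stored in the app session under the key `okta_id_token`, and that the caller supplies the Okta host and a registered post-logout redirect URI (names such as `OKTA_POST_LOGOUT_REDIRECT_URI` in the comment are assumptions). The application session is flushed and the browser is sent to Okta's OIDC end-session endpoint, so the Okta session cookie no longer outranks the next user's `sessionToken` on the following `/authorize` call.

```python
"""Added example (not the original poster's code and not Okta's SDK): a
logout helper for a Django app that signs in through Okta.

It ends the application session and returns the URL of Okta's OIDC
end-session endpoint so the browser's Okta session cookie is cleared
too. Without that step the next /authorize request from the same
browser reuses the existing Okta session, and the app receives the
previous user's identity.

Assumptions (not from the thread): the 'default' authorization server is
used, the ID token from login is kept in the app session under
'okta_id_token', and the caller provides the Okta host and a registered
post-logout redirect URI.
"""
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


def build_okta_logout_url(okta_host, id_token, post_logout_redirect_uri, state=None):
    """Return the Okta OIDC end-session URL.

    Okta's /v1/logout endpoint takes id_token_hint (required),
    post_logout_redirect_uri (must be registered on the application)
    and state. urlencode() percent-encodes the values so ':' '/' and
    '&' in the redirect URI cannot break or smuggle query parameters.
    """
    if not id_token:
        raise ValueError("id_token_hint is required; cannot end the Okta session without it")
    params = {
        "id_token_hint": id_token,
        "post_logout_redirect_uri": post_logout_redirect_uri,
        "state": state or secrets.token_urlsafe(16),
    }
    return f"https://{okta_host}/oauth2/default/v1/logout?{urlencode(params)}"


def end_sessions(session, okta_host, post_logout_redirect_uri):
    """Flush the application session, then return the Okta logout URL.

    `session` is any object with get() and flush(), e.g. Django's
    request.session. flush() deletes the server-side session data and
    rotates the session key, so nothing from this login survives into
    the next user's login. The caller redirects the browser to the URL.
    """
    id_token = session.get("okta_id_token")
    session.flush()
    return build_okta_logout_url(okta_host, id_token, post_logout_redirect_uri)


def logout_url_is_well_formed(url, okta_host, expected_redirect):
    """Defensive check: parse the URL back and confirm it targets the
    expected Okta host and path and carries the expected parameters."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    return (
        parts.scheme == "https"
        and parts.netloc == okta_host
        and parts.path == "/oauth2/default/v1/logout"
        and query.get("post_logout_redirect_uri") == [expected_redirect]
        and bool(query.get("id_token_hint"))
    )


class MemorySession(dict):
    """Minimal stand-in for Django's request.session, for demonstration only."""

    def flush(self):
        self.clear()


# In a Django view the same flow reads (assumed setting names, not executed here):
#
#   def post(self, request):
#       url = end_sessions(request.session, settings.OKTA_HOST,
#                          settings.OKTA_POST_LOGOUT_REDIRECT_URI)
#       return JsonResponse({'status': True, 'data': {'redirect_url': url}})

if __name__ == "__main__":
    # Constructed sample session and values; the redirect URI deliberately
    # contains '?', '=' and '&' to show they are encoded rather than passed raw.
    demo = MemorySession(okta_id_token="header.payload.sig", cart="abc")
    print(end_sessions(demo, "dev-123.okta.com", "https://app.example.com/logged-out?src=okta&x=1"))
    print("app session entries left:", len(demo))
```

The order matters: read the ID token out of the session before flushing it, because the end-session request needs `id_token_hint`, and an app that only calls `flush()` leaves the Okta cookie in place, which is exactly the state the reply describes.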