Short problem description: With a successful login and then an authorization failure, the login page is bypassed and only the authorization failure page displays on subsequent logins attempts
Problem: With a successful login, I perform some authorization checks on the user’s claims/attributes to verify that the user is allowed into the system. If the authorization fails, I want to ensure the user is redirected to the login page from the authorization error page. Or, if they enter the login url, they see the login page. But since the user successfully logged in, the user is authenticated in okta and a SID cookie is created to represent the authenticated user.
So when the authorization fails and I redirect the user back to the login page from the error page, or, the user enters the URL to login, the Okta login page does not display due to the SID cookie and the code to perform the authorization is executed again, which fails again.
Is there a way to ensure that the login page displays for the user even when the SID cookie is present? I’ve tried to ‘revoke’ the Okta session and ‘logout’ the user with the OIDC endpoints. But neither work due to the SID cookie being present. I tried the ‘authorize’ prompt=login but I get a different ‘verify’ password dialog than the Okta login dialog. I did manually delete the SID cookie and this forces the login page to display again which is the behavior that I’m looking for.