OAuthError: The client specified not to prompt, but the user is not logged in

Questions OAuth/OIDC
,
1

We are encountering the following error when the app attempts to renew the token in the iOS app:

Error - OAuthError: The client specified not to prompt, but the user is not logged in.

We are using the following plugins in our Ionic Angular app (Angular 17, Ionic 7) for Okta authentication:
This setup works fine on desktop sites and Android apps, where the okta-auth-js plugin automatically handles token renewal. However, on iOS devices, the error persists.

Initially, we had an issue with third-party cookies being blocked, but we resolved it using the custom domain implementation recommended by Okta.

Any advice or solutions would be highly appreciated.

Reproduction Steps?

  1. Log in to the app using Okta with the above widget version.
  2. Inspect the app in Chrome DevTools “Mobile Mode” (to get the error log).
  3. Wait for the access token and the refresh token to expire.
  4. At the time of renewal, the error occurs, and the token refresh is unsuccessful on iOS devices.

FYI: We can recreate this issue in the Chrome browser when using Chrome DevTools in “Mobile Mode.”

SDK Versions

@okta/okta-signin-widget: 7.16.1
@okta/okta-angular: 6.3.2
@okta/okta-auth-js: 7.5.1

2

This is due to the attempted Silent token renewal being made by the AuthJS library, and is reliant on the presence of an Okta session within the browser.

So the issue could be either: the Okta session is no longer present in the users browser and they must re-authenticate with Okta (with their username/password credentials) OR the application’s sign on policy (or Authentication Policy, if your org is on Okta Identity Engine) requires the user to validate a factor (for example, if your policy is set to challenge a user for a second factor every time) when logging in.

As you’re not seeing this issue on desktop sites and on Android, one option you can try is to enable Persistent Session Cookies for the Okta session, as described in the following guide: Share a sign-in session with native mobile apps | Okta Developer

1 Like