OAuthError: The client specified not to prompt, but the user is not logged in

alhussain · October 7, 2024, 7:08am

We are encountering the following error when the app attempts to renew the token in the iOS app:

Error - OAuthError: The client specified not to prompt, but the user is not logged in.

We are using the following plugins in our Ionic Angular app (Angular 17, Ionic 7) for Okta authentication:
This setup works fine on desktop sites and Android apps, where the okta-auth-js plugin automatically handles token renewal. However, on iOS devices, the error persists.

Initially, we had an issue with third-party cookies being blocked, but we resolved it using the custom domain implementation recommended by Okta.

Any advice or solutions would be highly appreciated.

Reproduction Steps?

Log in to the app using Okta with the above widget version.
Inspect the app in Chrome DevTools “Mobile Mode” (to get the error log).
Wait for the access token and the refresh token to expire.
At the time of renewal, the error occurs, and the token refresh is unsuccessful on iOS devices.

FYI: We can recreate this issue in the Chrome browser when using Chrome DevTools in “Mobile Mode.”

SDK Versions

@okta/okta-signin-widget: 7.16.1
@okta/okta-angular: 6.3.2
@okta/okta-auth-js: 7.5.1

andrea · October 7, 2024, 3:21pm

This is due to the attempted Silent token renewal being made by the AuthJS library, and is reliant on the presence of an Okta session within the browser.

So the issue could be either: the Okta session is no longer present in the users browser and they must re-authenticate with Okta (with their username/password credentials) OR the application’s sign on policy (or Authentication Policy, if your org is on Okta Identity Engine) requires the user to validate a factor (for example, if your policy is set to challenge a user for a second factor every time) when logging in.

As you’re not seeing this issue on desktop sites and on Android, one option you can try is to enable Persistent Session Cookies for the Okta session, as described in the following guide: Share a sign-in session with native mobile apps | Okta Developer

system · November 6, 2024, 3:22pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Post		Replies	Views
Okta "The client specified not to prompt, but the user is not logged in" OAuth/OIDC	6	5160	February 8, 2024
Okta and ionic, Post and get methods do not get token to return to ionic application Questions	3	3135	February 10, 2024
Recent Upgrade to OIE, receiving "Client specified not to prompt, but the user is not logged in" after successful Authn and authorize calls OAuth/OIDC	2	1805	December 5, 2023
SSO issue when logging out of an app Questions	2	5021	January 12, 2024
Okta authentication error OAuth/OIDC ionic	2	7410	October 31, 2017

OAuthError: The client specified not to prompt, but the user is not logged in

Related topics