"prompt=login" not redirecting to the redirectUri after logging out

Hello,

We are working on a react-native application and trying to set up OAuth with SSO. We were able to set up the login flow successfully, but lots of issues happen when trying to log out.

  • If the app is closed between logging in and out, logout works properly
    • In this case, the session appears to be cleared and you are prompted for the username and password next time you log in

  • If the app is not closed between logging in and out, the next time we log in, it will automatically authenticate the user. We are using @okta/okta-react-native's signOut() to sign out of OKTA since we are following the web browser login flow.
    • To fix that, we added prompt=login so that it makes the user enter their password before signing in again. If they sign in again using just their password, it works fine.
    • However, when they press “Sign Out” (instead of entering their password) and attempt to sign in as a different user, they are not redirected to the provided redirectUri; instead, they go to the Okta application dashboard.

To be clear, the bug I’m reporting is this:

❗ When using prompt=login and a new user needs to login, OKTA does not follow the provided redirectUri ❗

This problem can also be reproduced using react-native-app-auth, which makes me think it is not due to a library, but OKTA’s login page.

I’m not an OAuth wiz or anything like that, so I don’t know if this matches OAuth2.0 spec, but it seems to me like not redirecting the user to the specified redirect url is a bug and probably goes against the spec.

Environment and Versions

  • iOS 13 and Android 29
  • @okta/okta-react-native@^1.4.1

    Since this appears to be a problem with the web login page, this information is probably irrelevant.

Related Links

@aklinker1-alt Can you please open a support ticket through an email to support@okta.com with this issue? One of our Developer Support Engineers will take the case and assist you. Thanks

@Lijia Thanks for the reply!

We found a different work-around for our use case. It’s not ideal since iOS shows a confirmation dialog every time you open an auth session, even when logging out of SSO to clear the session, but it works for now. Unless something changes, I probably won’t reach out to the support team.

@aklinker1-alt Thanks for the update. Glad to hear the issue is resolved by the workaround!
Yes, you can create tickets with the support team whenever you have any follow-up questions. We will assist with your issues anytime.