Hello,
We are working on a react-native application and trying to set up OAuth with SSO. We were able to set up the login flow successfully, but lots of issues happen when trying to log out.
- If the app is closed between logging in and out, logout works properly
  - In this case, the session appears to be cleared and you are prompted for the username and password next time you login
- If the app is not closed between logging in and out, the next time we login, it will automatically authenticate the user. We are using `@okta/okta-react-native`'s `signOut()` to sign out of OKTA since we are following the web browser login flow.
  - To fix that, we added `prompt=login` so that it makes the user enter their password before signing in again. If they sign in again using just their password, it works fine.
  - However, when they press “Sign Out” (instead of entering their password) and attempt to sign in as a different user, they are not redirected to the provided `redirectUri`, instead they go to the okta application dashboard.
To be clear, the bug I’m reporting is this:
When using `prompt=login` and a new user needs to login, OKTA does not follow the provided `redirectUri`.
This problem can also be reproduced using `react-native-app-auth`, which makes me think it is not due to a library, but OKTA’s login page.
I’m not an OAuth wiz or anything like that, so I don’t know if this matches OAuth2.0 spec, but it seems to me like not redirecting the user to the specified redirect url is a bug and probably goes against the spec.
Environment and Versions
- iOS 13 and Android 29
- `@okta/okta-react-native@^1.4.1`
Since this appears to be a problem with the web login page, this information is probably irrelevant.