Some users blocked from getWithoutPrompt

Have an app with a fairly impressive user base, but I have just a few people with problems authenticating.

We are using okta-auth-js and implicit flow.

For the people with the issue, getWithoutPrompt (which internally uses the iframe and postMessage) fails silently.

Our Auth server is on a different domain than the application, so first suspect was third party cookies being blocked (which causes same issue), however I have confirmed for this handful of users that they are not blocking.

They do use antivirus (different for each user) and I am pursuing that line of investigation - but is there anything like a list of known issues with security appliances, vpns, antivirus, ad-blockers, etc…?

So far i have not been able to reproduce the issue with any of the antivirus packages that i have tried so far (macafee endpoint security, spyhunter 5)

Posting here in the hopes that someone has seen similar issues.

Many thanks,


Found the issue. First of all, I was swallowing the errors so it is my own fault it was failing silently.

The error? These users were on domains which had a bad time sync, so they all had clocks which were over 10 minutes slow.

The error?

The JWT was issued in the future