SSO issue when logging out of an app

Sorry to say I have hit another snag that I could use some guidance with if possible!

I have two identical apps running. When I log in to App A, a session cookie is stored along with an id & access token. When I then navigate to App B the session cookie is present and, using okta-signin-widget, I can see that I have an Okta session when calling session.get().

However, the id and access tokens are not present, so I am then using okta-auth-js to make a call to token.getWithoutPrompt to retrieve my tokens and add them to the token manager.

This all works perfectly and both apps are in the state that I would like to see them in for SSO.

When I hit logout on either of the apps I clear the tokenManager and log out of my Okta session. This works perfectly for the app I am currently in.

The issue I have hit comes when I then navigate to the other app. If there is no Okta session then the app clears the tokenManager and forces the user to log in again. However, I then get an error in the console…

error.errorCode: login_required, error.description: The client specified not to prompt, but the user is not logged in.

ERROR Error: Uncaught (in promise): OAuthError: The client specified not to prompt, but the user is not logged in.

I’ve added some console.logging to my code to ensure that it doesn’t hit the getWithoutPrompt call that I have. I’m guessing this comes from within the login widget somewhere?

Steps:

  1. Log in to AppA with implicit flow redirecting to /implicit/callback
  2. Tokens in local storage along with cookie for state and nonce
  3. Navigate to AppB
  4. AppB identifies that there is an Okta session and uses okta-auth-js to call getWithoutPrompt to retrieve id and access tokens to store using TokenManager
  5. Log out of AppB - clears tokenManager and closes OktaSession
  6. Navigate back to AppA which clears the tokenManager and redirects to login page

It is at Step 6 that I receive the OAuthError. The apps both behave as expected but I don’t want any errors displayed in the browser. okta-sign-in.min.js:14 is the line I get the error from.

Cheers
Martin

Bump

I can put a GitHub repo together with a test case for this if it would provide enough info for someone to point me in the direction of my issue?