We have a single user that has issues when login. To start, the user has had refresh issues, whereas other users don’t experience any.
When trying to login on his desktop, the widget is stuck in a loading animation and does not proceed to the rest of the application.
The requests sent to Okta all are 200 OK. We also checked on Okta’s side and don’t see any errors in the System log. However the user appears to be stuck in a login loop: the login flow in the System log repeats multiple times when trying to login.
The user tried to log from Chrome, Chrome private navigation and Edge, none of them worked.
The user tried clearing all the cache and cookies, did not work.
However the user is able to log when using a different computer (his laptop).
The user was also able to log in via his desktop a couple of hours before the issue appeared.
Do you have a clue on how this could happen? Is there any special configuration that would make it not work with Okta on this specific desktop? It does not appear to be related to a specific browser but to the desktop itself.
Hi there. Hmm, this is strange. Are you getting any errors in the browser console that you could share?
Also, I know you’ve mostly ruled out the fact that it’s a browser issue, but so often when a user is able to login in one place and not another it boils down to third party cookies. Any chance you configured your widget to make calls to the base Okta domain and aren’t using a custom URL? If so, a good test would be having a user who is logging in successfully try to do so with third party cookie blocking on and see if they run into the same problem.
Otherwise, ya - browser console logs would be the next best step at diagnosing.
We have configured the custom URL and we checked that it was properly used with the requests. It does not appear that it is a problem with third party cookies. Just in case I checked by blocking my 3rd party cookies and properly logging in.
We were also able to try with Firefox to have a non-chromium browser, it didn’t work either.
We were able to let him log by setting manually a pre-generated JWT. Although the refresh issues I mentioned should come from the okta-auth-js package, it looks like the issue comes from the widget.
And finally there aren’t any errors in the logs… We don’t have much to go on.
Could there be anything else other than the 3rd party cookies that could affect the behavior of the requests with Okta?
I think this may require a bit more intensive look. Can you please open a support ticket with us through an email at developers@okta.com in order to have this further investigated?
Forgot to update this thread when we found the solution.
The user’s computer’s clock was drifting, such that it ended up going over the maxClockSkew time limit (default to 5). We had to increase it to make it less restrictive.