Widget stuck in login

mathieuv · April 30, 2021, 9:24am

Hello,

We have a single user that has issues when login. To start, the user has had refresh issues, whereas other users don’t experience any.

When trying to login on his desktop, the widget is stuck in a loading animation and does not proceed to the rest of the application.

The requests sent to Okta all are 200 OK. We also checked on Okta’s side and don’t see any errors in the System log. However the user appears to be stuck in a login loop: the login flow in the System log repeats multiple times when trying to login.
The user tried to log from Chrome, Chrome private navigation and Edge, none of them worked.
The user tried clearing all the cache and cookies, did not work.
However the user is able to log when using a different computer (his laptop).
The user was also able to log in via his desktop a couple of hours before the issue appeared.

Do you have a clue on how this could happen? Is there any special configuration that would make it not work with Okta on this specific desktop? It does not appear to be related to a specific browser but to the desktop itself.

We are using GitHub - okta/okta-auth-js: The official js wrapper around Okta's auth API and GitHub - okta/okta-react: Okta OIDC SDK for React

Cale · April 30, 2021, 1:27pm

Hi there. Hmm, this is strange. Are you getting any errors in the browser console that you could share?

Also, I know you’ve mostly ruled out the fact that it’s a browser issue, but so often when a user is able to login in one place and not another it boils down to third party cookies. Any chance you configured your widget to make calls to the base Okta domain and aren’t using a custom URL? If so, a good test would be having a user who is logging in successfully try to do so with third party cookie blocking on and see if they run into the same problem.

Otherwise, ya - browser console logs would be the next best step at diagnosing.

mathieuv · April 30, 2021, 2:40pm

Hi,

We have configured the custom URL and we checked that it was properly used with the requests. It does not appear that it is a problem with third party cookies. Just in case I checked by blocking my 3rd party cookies and properly logging in.

We were also able to try with Firefox to have a non-chromium browser, it didn’t work either.
We were able to let him log by setting manually a pre-generated JWT. Although the refresh issues I mentioned should come from the okta-auth-js package, it looks like the issue comes from the widget.

And finally there aren’t any errors in the logs… We don’t have much to go on.

Could there be anything else other than the 3rd party cookies that could affect the behavior of the requests with Okta?

Cale · April 30, 2021, 3:27pm

Very curious. It seems completely environmental. The oddest piece of this is the fact that they successfully logged in on the desktop hours before.

Are you running the most recent version of our React SDK? 5.1.1?

mathieuv · April 30, 2021, 3:47pm

Yes we do. Here are the current versions of the libraries:

okta/okta-auth-js: 4.9.0 (Have not upgraded to 5.0.0 yet)
okta/okta-react: 5.1.1
okta/okta-signin-widget: 5.5.3 (Have not upgraded to 5.6.0)

We are in the process of bumping the versions, but the React SDK is already up to date.

Cale · April 30, 2021, 4:17pm

I think this may require a bit more intensive look. Can you please open a support ticket with us through an email at developers@okta.com in order to have this further investigated?

mathieuv · June 15, 2021, 1:14pm

Forgot to update this thread when we found the solution.

The user’s computer’s clock was drifting, such that it ended up going over the maxClockSkew time limit (default to 5). We had to increase it to make it less restrictive.

system · June 16, 2021, 1:15pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.