okta / okta-auth-js

The official js wrapper around Okta's auth API

getWithPopup hangs up #1257

Open markb-trustifi opened 2 years ago

markb-trustifi commented 2 years ago

Describe the bug?

I’m using the @okta/okta-auth-js client to sign Okta users in to the website.

    import { OktaAuth } from '@okta/okta-auth-js';

    const authOktaClient = new OktaAuth({
        issuer: oktaData.issuer,
        clientId: oktaData.clientId,
        // The callback is handled by the backend (BE), not by this page
        redirectUri: beUrl + '/okta/callback',
        responseType: 'code',
        pkce: false,
        devMode: true
    });

    await authOktaClient.start();
    // prompt: 'login' forces the login form to be shown in the popup
    let res = await authOktaClient.token.getWithPopup({prompt: 'login'});

After I enter the username/password, the Okta popup redirects to a blank page before reaching my BE. I see only a blank popup with this URL: https://mydomain.okta.com/login/step-up/redirect?stateToken=00g4GtzI98_asoZlkxIFg89xwOKO2fBsO7PvL_SpIw

The debug logs from devMode after authOktaClient.start():

    OKTA-AUTH-JS:updateAuthState: Event:undefined Status:emitted

The getWithRedirect flow works correctly. When I execute the authorization URL directly, the flow reaches the BE:

    let url = `${oktaData.issuer}/v1/authorize
                    ?client_id=${oktaData.clientId}
                    &response_type=code&scope=openid+email
                    &redirect_uri=${beUrl}/okta/callback`.replace(/\s/g, '');
    window.open(url, '_blank', 'location=no,width=750,height=600,scrollbars=no,resizable=no');

It also seems that the Okta client caches API calls? I ran it once with responseType: "token", and it continues behaving as if it is "token" even after I changed it back to "code".

What is expected to happen?

The Okta popup should call my BE with an Authorization Code and return JSON data from there.

What is the actual behavior?

After I enter the username/password, the Okta popup redirects to a blank page before reaching my BE: https://mydomain.okta.com/login/step-up/redirect?stateToken=00g4GtzI98_asoZlkxIFg89xwOKO2fBsO7PvL_SpIw

Reproduction Steps?

Execute an Okta Code flow with getWithPopup.

SDK Versions

6.7.2

Execution Environment

MacOS 11.6 with Chrome 103

Additional Information?

No response

denysoblohin-okta commented 2 years ago

This does not seem to be an issue with the okta-auth-js library, but with the Authorization Code flow in your org. When you get redirected to the /login/step-up/redirect blank page and click 'Inspect' in the context menu, do you see any errors in the console? Please reach out to the support team at support@okta.com to analyze your authorization flow issue.

markb-trustifi commented 2 years ago

There are no errors. There is some JavaScript code that is supposed to do window.postMessage. I think this post message doesn't work. The authOktaClient.token.getWithRedirect flow works well, and creating the authorization link manually and running it with window.open also works well.
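
The last comment points at window.postMessage as the step that does not complete. As an added example (not code from okta-auth-js or from anyone in this thread), the sketch below shows how an opener page can validate a popup's postMessage authorization response and settle with a timeout instead of waiting forever. The function names, origins, state and code values are hypothetical and constructed for illustration.

```javascript
// Added example; classifyPopupMessage and waitForPopupResponse are hypothetical names.
// Decide whether a message event is the authorization response being waited for.
function classifyPopupMessage(event, expected) {
  // Only the identity provider's origin may deliver the response.
  if (event.origin !== expected.issuerOrigin) return 'ignored: wrong origin';
  // The message must come from the popup window this page opened.
  if (event.source !== expected.popup) return 'ignored: wrong source';
  const data = event.data;
  if (!data || typeof data !== 'object') return 'ignored: malformed';
  // state binds the response to the request this page started.
  if (data.state !== expected.state) return 'ignored: state mismatch';
  if (data.error) return 'rejected: ' + data.error;
  if (typeof data.code !== 'string' || data.code === '') return 'ignored: no code';
  return 'accepted';
}

// Wait for an accepted response; rejects on timeout so the caller never hangs.
function waitForPopupResponse(target, expected, timeoutMs) {
  return new Promise((resolve, reject) => {
    const cleanup = () => {
      clearTimeout(timer);
      target.removeEventListener('message', onMessage);
    };
    const onMessage = (event) => {
      const verdict = classifyPopupMessage(event, expected);
      if (verdict.startsWith('ignored')) return; // unrelated message, keep waiting
      cleanup();
      if (verdict === 'accepted') resolve(event.data.code);
      else reject(new Error(verdict));
    };
    const timer = setTimeout(() => {
      cleanup();
      reject(new Error('timeout: no valid message from popup'));
    }, timeoutMs);
    target.addEventListener('message', onMessage);
  });
}

// Constructed sample values, not taken from the issue.
const popup = { name: 'constructed-popup-handle' };
const expected = { issuerOrigin: 'https://idp.example', state: 'st-123', popup };
const sampleEvents = {
  good: { origin: 'https://idp.example', source: popup, data: { state: 'st-123', code: 'abc' } },
  otherOrigin: { origin: 'https://other.example', source: popup, data: { state: 'st-123', code: 'abc' } },
  staleState: { origin: 'https://idp.example', source: popup, data: { state: 'old', code: 'abc' } },
  denied: { origin: 'https://idp.example', source: popup, data: { state: 'st-123', error: 'access_denied' } },
};
```

In a browser the `target` argument would be `window` and `expected.popup` the handle returned by `window.open`. A message that fails any check is ignored, so a popup that never posts a valid message surfaces as the timeout error rather than as an indefinitely pending promise.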