okta / okta-oidc-android

OIDC SDK for Android
https://github.com/okta/okta-oidc-android

User is unable to sign in through the Okta widget with general error code 9 #304

Closed syangatkonrad closed 2 years ago

syangatkonrad commented 2 years ago

Describe the bug?

When attempting to call WebAuthClient.signIn(), the user is getting an onError callback with AuthorizationException.code of 9.

By looking at your source code, this refers to this group of errors:

Error codes specific to AppAuth for Android, rather than those defined in the OAuth2 and OpenID specifications.

More specifically this:

Indicates that a received ID token is invalid.

The user's device is an Android LG G7 ThinQ, Android 10; the default browser is Chrome.

Please advise.

What is expected to happen?

The widget should launch and allow the user to sign in.

What is the actual behavior?

The widget does not launch; instead, it will emit an error.

Reproduction Steps?

By calling WebAuthClient.signIn().

Additional Information?

No response

SDK Version

v1.2.2

Build Information

No response

JayNewstrom commented 2 years ago

Hi @syangatkonrad, we do token validation according to the spec, https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation.

Typically we see this error due to the user's clock being out of sync. Can you make sure the clock is correct on that device?

syangatkonrad commented 2 years ago

Thank you for the quick response.

Are there any other possible causes for this? We would like to gather as much information as possible before going back to the user.

JayNewstrom commented 2 years ago

Without a stack trace, it's hard to guess. But in general, when we see these sorts of issues, it's due to a user changing the time on their device (we joke it's maybe to advance time so they can play another round of a time-gated game). But there are lots of reasons an ID Token can be invalid.

syangatkonrad commented 2 years ago

@JayNewstrom thank you! That was the cause of the issue and it has been resolved.
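
The clock-related cause discussed in this thread, as an added example that is not part of the original issue or the SDK's own code: a triage helper that decodes an ID token's payload and reports which time checks from the linked OIDC validation section (`exp`, `iat`) would fail for a given device clock. The function names, the 300-second tolerance and the sample token are assumptions made for illustration; the thread does not state the SDK's actual tolerance.

```python
import base64
import json

ALLOWED_SKEW_SECONDS = 300  # assumption; the thread does not state the SDK's tolerance


def make_sample_token(claims: dict) -> str:
    """Build a constructed token for the demo (placeholder signature, not a real Okta token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "constructed-signature"])


def diagnose_time_claims(id_token: str, device_now: int, skew: int = ALLOWED_SKEW_SECONDS):
    """Return (reason, seconds) pairs for time checks that fail at device_now.

    Diagnostic only: signature, issuer, audience and nonce are not checked here.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        return [("malformed", 0)]
    try:
        payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return [("malformed", 0)]
    if not isinstance(claims, dict):
        return [("malformed", 0)]

    findings = []
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)):
        findings.append(("exp_missing", 0))
    elif device_now >= exp:  # spec: current time MUST be before exp
        findings.append(("expired", int(device_now - exp)))
    if not isinstance(iat, (int, float)):
        findings.append(("iat_missing", 0))
    elif iat - device_now > skew:  # issued "in the future": device clock is behind
        findings.append(("iat_in_future", int(iat - device_now)))
    elif device_now - iat > skew:  # issued long ago: device clock is ahead, or token is stale
        findings.append(("iat_too_old", int(device_now - iat)))
    return findings


ISSUED = 1_700_000_000  # constructed issue time (Unix seconds)
SAMPLE = make_sample_token({"iat": ISSUED, "exp": ISSUED + 3600})
```

Passing the server-side issue time and the device's reported time shows the direction of the drift: `iat_in_future` points to a device clock set back, while `expired` together with `iat_too_old` points to a clock set forward.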