okta-oidc-js
https://github.com/okta/okta-oidc-js

Okta Vue authorization: login redirect without code parameter #891

Open ggentzel opened 4 years ago

ggentzel commented 4 years ago

I'm submitting this issue for the package(s):

I'm submitting a:

Current behavior

There is a bug during the authentication flow where the user is redirected to the configured login redirect without the code query parameters that are expected by the Auth.handleCallback() method. As a result, the login is broken and the user is stranded at the raw login redirect URL with a blank page and no way to proceed other than to close the window and reopen the application.

Expected behavior

The login redirect should never happen without the query parameters that are expected in order to correctly proceed with the authentication flow.

Minimal reproduction of the problem with instructions

Reproduction is very intermittent. Seems to be caused by logging into any application and not logging out. Leave the application in this state for long periods of time (days or weeks) and eventually the issue will occur.

  1. After 6+ hours, log on to the application
  2. Attempt to access a protected route
  3. After being redirected to the Okta sign-in widget, enter credentials.
  4. After entering valid credentials, the user is redirected to the /implicit/callback route without the authorization code in the URL.
  5. The console shows an AuthSdk error "invalid token"

Environment

shuowu commented 4 years ago

@ggentzel Thanks for reporting the issue! I did see this issue one time when using @okta/okta-vue@2.0.0, but cannot consistently reproduce it. I also tried the latest version, 2.1.1, which looks stable to me. Can you try the latest version to see if you can still reproduce it? Also, can you share the error log if you see the issue again? Thanks!
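
A guard for the failure described in this issue, as an added example that is not part of the thread or of okta-vue: it inspects the callback URL before a handler such as Auth.handleCallback() runs, and routes the user back into login when the response parameters are missing instead of leaving a blank page. `classifyCallback`, its action names and the sample URLs are hypothetical.

```javascript
// Added example (not okta-vue code). Decides what a callback route should do
// with the URL it was loaded with, before any token handling is attempted.
function classifyCallback(href) {
  const url = new URL(href);

  // The authorization code flow returns its parameters in the query string,
  // the implicit flow in the fragment. Merge both, query taking precedence.
  const params = new URLSearchParams(url.search);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ''));
  for (const [key, value] of fragment) {
    if (!params.has(key)) params.set(key, value);
  }

  // The authorization server reported a failure: surface it, do not retry blindly.
  if (params.has('error')) {
    return { action: 'show-error', reason: params.get('error') };
  }

  // The case from this issue: redirect arrived with no code or token at all.
  const hasCredential = ['code', 'id_token', 'access_token']
    .some((name) => Boolean(params.get(name)));
  if (!hasCredential) {
    return { action: 'restart-login', reason: 'missing-response-params' };
  }

  // A response without `state` cannot be tied to a request this app started.
  // Only presence is checked here; comparing the value is assumed to be done
  // by the library that processes the callback.
  if (!params.get('state')) {
    return { action: 'restart-login', reason: 'missing-state' };
  }

  return { action: 'handle-callback', reason: 'ok' };
}

// Constructed sample URLs.
const samples = [
  'https://app.example.com/implicit/callback',
  'https://app.example.com/implicit/callback?code=abc123&state=xyz',
  'https://app.example.com/implicit/callback#id_token=aaa.bbb.ccc&state=xyz',
  'https://app.example.com/implicit/callback?error=access_denied&state=xyz',
];
for (const s of samples) console.log(s, '->', classifyCallback(s));
```

Only the `handle-callback` result should reach the token-processing call; `restart-login` sends the user through the normal sign-in redirect again.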