okta / okta-signin-widget

HTML/CSS/JS widget that provides out-of-the-box authentication UX for your organization's apps

iOS - authClient.token.getWithoutPrompt() not working properly #1546

Open bgindek opened 3 years ago

bgindek commented 3 years ago

I'm submitting a bug report

Background info

I'm using the Okta widget (https://global.oktacdn.com/okta-signin-widget/3.8.2/js/okta-sign-in.min.js) to log into my website. It works fine from a desktop browser (Chrome/Firefox) and on an Android device (Chrome/Firefox).

Expected behavior

Redirected page gets the tokens saved in session cookie(s)

What went wrong?

Fails after the login redirect on iOS (Chrome/Firefox). The login succeeds but in the redirect page on my website I make a call to:

authClient.token.getWithoutPrompt({...

and get the error:

OAuthError: The client specified not to prompt, but the user is not logged in.

Your environment

aarongranick-okta commented 3 years ago

@bgindek Thanks for the submission. The method getWithoutPrompt requests tokens from Okta in an iframe and requires access to "third-party" cookies. This method will often fail in the latest browsers with default settings. But the signin widget can return tokens directly to your app, or initiate a redirect to receive an authorization code to receive tokens. In many cases it is possible to avoid using getWithoutPrompt entirely.

bgindek commented 3 years ago

"This method will often fail in the latest browsers with default settings" - can I change these settings? Not obvious how.

"In many cases it is possible to avoid using getWithoutPrompt entirely." - how is that done?
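The following is an added example (not code from this thread or from the Okta project) of the alternative the maintainer describes: configure the widget for Authorization Code + PKCE so it hands tokens to its own success callback, and the callback page never has to call `authClient.token.getWithoutPrompt()`, whose hidden iframe depends on third-party cookies that Safari-based iOS browsers block by default. `ORG_URL`, `CLIENT_ID`, `REDIRECT_URI` and the `#okta-login-container` element are placeholders; the option names (`baseUrl`, `authParams.pkce`, `renderEl`, `tokenManager.add`) follow the okta-signin-widget 3.x README, but the exact shape of the success result is an assumption about the widget version deployed.

```javascript
// Added example, not from this thread or from the Okta project.
// Widget configured for code + PKCE; tokens arrive in the success callback,
// so no authClient.token.getWithoutPrompt() / third-party-cookie iframe is needed.

const ORG_URL = 'https://dev-000000.okta.com';                 // placeholder
const CLIENT_ID = '0oa0000000000000000';                       // placeholder
const REDIRECT_URI = 'https://app.example.com/login/callback'; // placeholder

// Widget configuration as a pure function so it can be checked offline.
function buildWidgetConfig() {
  return {
    baseUrl: ORG_URL,
    clientId: CLIENT_ID,
    redirectUri: REDIRECT_URI,
    authParams: {
      issuer: ORG_URL + '/oauth2/default', // assumed default authorization server
      pkce: true,                          // code flow + PKCE, no implicit-flow iframe
      responseType: 'code',
      scopes: ['openid', 'profile', 'email'],
    },
  };
}

// Pull tokens out of the widget's success result. Returns null rather than
// throwing for anything that is not a token-bearing SUCCESS (intermediate
// states such as MFA_REQUIRED, or a malformed object).
function extractTokens(res) {
  if (!res || res.status !== 'SUCCESS' || !res.tokens) return null;
  const { accessToken, idToken } = res.tokens;
  if (!accessToken || !idToken) return null;
  return { accessToken, idToken };
}

// Store the tokens in the widget's own auth client so later calls such as
// tokenManager.get() or getUserInfo() work without a silent iframe request.
// Returns the number of tokens stored.
function storeTokens(authClient, tokens) {
  authClient.tokenManager.add('accessToken', tokens.accessToken);
  authClient.tokenManager.add('idToken', tokens.idToken);
  return 2;
}

// Browser wiring: only runs where the CDN script has defined OktaSignIn.
if (typeof OktaSignIn !== 'undefined' && typeof document !== 'undefined') {
  const signIn = new OktaSignIn(buildWidgetConfig());
  signIn.renderEl(
    { el: '#okta-login-container' }, // placeholder element id
    function success(res) {
      const tokens = extractTokens(res);
      if (!tokens) {
        console.warn('Widget returned a non-token result:', res && res.status);
        return;
      }
      storeTokens(signIn.authClient, tokens);
      signIn.remove();
      window.location.assign('/app'); // placeholder post-login route
    },
    function error(err) {
      console.error('Sign-in failed', err);
    }
  );
}
```

With this setup the login page itself completes the code exchange over a normal first-party request, which is why it keeps working on iOS where the iframe-based `getWithoutPrompt()` fails. If the app genuinely needs a separate callback page, set `display: 'page'` in `authParams` and handle the code on that page instead; the point is the same, avoid the silent-iframe path on browsers that block third-party cookies.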