Invalid token provided if the signin widget is kept idle for 15-30mins

okta / okta-signin-widget

HTML/CSS/JS widget that provides out-of-the-box authentication UX for your organization's apps

Other

376 stars 319 forks source link

Invalid token provided if the signin widget is kept idle for 15-30mins #2052

Open aravi365 opened 3 years ago

aravi365 commented 3 years ago

I'm submitting a

[x] bug report
[ ] feature request

Background info

Describe your issue or request here (if necessary). Hit the signin button and the browser window pops-up and make it idle for some time like 30-45mins. When the user tries to login after such a long duration, there is an error displayed as Invalid token provided

What should have happened? User can login without any errors or warnings.

Steps to reproduce

Hit the sign in button and the browser window pops-up and make it idle for some time like 30-45mins. When the user tries to login after such a long duration, there is an error displayed as Invalid token provided

Your environment

Okta Sign-In Widget Version:
Browser: chrome,safari
OS:
Language: okta-react-native

shuowu commented 3 years ago

@aravi365 If I understand your issue correctly, you are working with the browser-sigin-in scenario in react-native. The issue is caused by Okta backend session expired after long idle time, a workaround can be go back to the native app, then start the login process again. Meanwhile, we will look into the issue to provide a better UX.

Internal Ref: OKTA-404587

aravi365 commented 3 years ago

@aravi365 If I understand your issue correctly, you are working with the browser-sigin-in scenario in react-native. The issue is caused by Okta backend session expired after long idle time, a workaround can be go back to the native app, then start the login process again. Meanwhile, we will look into the issue to provide a better UX.

Internal Ref: OKTA-404587

Actually its related to https://github.com/okta/okta-react-native/issues/143

chongruiduan commented 9 months ago

Hello, I'm currently experiencing a similar issue. According to this comment, it seems to be related to the okta-signin-widget, and discussions have taken place internally. I'm wondering if there are any updates on this issue. In the meantime, has any workaround been suggested? Thanks!

jaredperreault-okta commented 9 months ago

@chongruiduan Can you provide more details regarding the issue you're experiencing? Version numbers, repro steps, etc

Burnett2k commented 2 months ago

I am currently experiencing a similar issues using the okta-signin-widget. If you enter email and wait 15 minutes, you'll see the "Your session has expired message". If you then try to sign in with known email and password it fails. Don't understand this issue. Seems that widget is not renewing it's token internally after you re-enter your email address after the session expiration.