Open reesewesterhoff opened 4 years ago
@reesewesterhoff - thanks for the report. I'll try to reproduce your case to confirm the issue as soon as I can, but looking at the surface I'd guess that your signin-widget is using PKCE, while your okta-vue is not.
Do things clear up if you add pkce: false
to the authParams
you pass to the widget config?
@reesewesterhoff Alternatively, remove pkce: false
from your Vue code. true
is the default and recommended setting for pkce
option. The value for this setting must match between the signin-widget and Vue service.
Thanks for the quick response!
@swiftone Adding pkce: false
to the authParams
in the widget worked! With both of them having a matching type everything works as expected.
@aarongranick-okta When I tried setting pkce: true
or removing that line of code from both the widget and the vue app I got this error:
There is a good chance that I just have not set something up appropriately. Any chance you know what it is off the bat or could you point me in the direction of some docs that would help me set that up?
^ I can confirm adding pkce: false
removed this error. My app was broken when I just removed that field.
@reesewesterhoff @BryceV Can you try the Okta Vue custom-signIn sample? I verified it locally, it works for both PKCE and implicit flows.
For the sample (implicit flow) I get:
@BryceV The error is caused by attempting to trigger multiple login flow concurrently. If you have not changed any logic in the samples, probably you have code=xxx
in your URL, which triggered the protection.
Code reference: https://github.com/okta/okta-auth-js/blob/master/lib/token.ts#L592
This could be related to https://github.com/okta/okta-auth-js/issues/474
I'm submitting a:
Current behavior
I am using the Okta sign in widget running at http://localhost:8080 as a login page. Here is the code for that.
// index.html
Upon a successful login, the browser is redirected to http://localhost:8081/implicit/callback and there is a code sent along with it so the url looks something like this:
http://localhost:8081/implicit/callback?code=bigStringOfNumbersAndLetters&state=anotherBigStringOfNumbersAndLetters
My vue app is running on http://localhost:8081 and the two files I changed to handle the authentication are as follows:
// router/index.js
// App.vue
When the sign in widget redirects to
http://localhost:8081/implicit/callback?code=bigStringOfNumbersAndLetters&state=anotherBigStringOfNumbersAndLetters
an error is logged in the console and the app breaks.Expected behavior
http://my-vue-app.com/implicit/callback?code=bigStringOfNumbersAndLetters&state=anotherBigStringOfNumbersAndLetters
.Auth.handleCallback()
take the info from the url and set the tokens/relevant information into the session/local storage.http://my-vue-app.com/
with with user authenticated.Minimal reproduction of the problem with instructions
See above
Extra information about the use case/user story you are trying to implement
Environment
node -v
): 12.16.2