okta / samples-android

samples-android
https://github.com/okta/samples-android
Apache License 2.0

getSessionClient().clear(); not clearing session. #52

Open gopalp1709 opened 4 years ago

gopalp1709 commented 4 years ago

Hi @FeiChen-okta, I am clearing the session after receiving the error below: AuthorizationException: {"type":1,"code":1002,"error":"access_denied","errorDescription":"User is not assigned to the client application."}

When I try to open the browser login, the same error as above occurs. Do I need to un-register the callback?

FeiChen-okta commented 4 years ago

Hi @gopalp1709, this shouldn't be an issue with the callback. Can you give a step-by-step process of the sign-in where you get this error? This is my assumption:

  1. User is not assigned the app
  2. User signs in but gets the error access_denied
  3. Then clear session gets access_denied from the browser sign-out?

If that is the case, this is a known issue: https://github.com/okta/okta-oidc-android/issues/161

The browser is still saving the session.

gopalp1709 commented 4 years ago

Hi @FeiChen-okta, below are the steps to reproduce the error:

  1. User is not assigned the app
  2. User signs in but gets the error access_denied
  3. After receiving the step 2 error I am clearing the session, but it's not clearing it.
  4. When I try to sign in, it's throwing the same error as mentioned in step 2.

I have gone through the provided link (https://github.com/okta/okta-oidc-android/issues/161); here you mentioned a workaround of disabling the server from storing the session. Can you please provide steps or any document to try out the suggested workaround? Thanks

FeiChen-okta commented 4 years ago

Hi @gopalp1709, here is a link for setting the session timeout: https://support.okta.com/help/s/question/0D50Z00008Gghw9/okta-session-timeout?language=en_US

gopalp1709 commented 4 years ago

Hi @FeiChen-okta,

I have gone through this URL https://support.okta.com/help/s/question/0D50Z00008Gghw9/okta-session-timeout?language=en_US; it is about configuring the session timeout. How will this help in clearing the session from the browser? I want to clear the session from the browser so that the user can try another login attempt.

Thanks Amol

FeiChen-okta commented 4 years ago

Hi @gopalp1709, when the session has timed out you don't have to clear the session from the browser. You can set the session to never store, requiring sign-in every time, or set a short session timeout.

gopalp1709 commented 4 years ago

Hi @FeiChen-okta, waiting until the session times out before the next login attempt is not a good user experience on a mobile device. Plus, the session config and policies are shared by mobile and web, so please suggest another workaround.

Thanks Amol

FeiChen-okta commented 4 years ago

Hi @gopalp1709, unfortunately that is the only workaround I have. The other is to use a WebView instead of Chrome Custom Tabs, but that is not supported in the SDK.

JayNewstrom commented 3 years ago

I've got some more feedback from the team on next steps for this. The plan is to add a client_id param, given some updates to the spec: https://bitbucket.org/openid/connect/issues/1182/add-logout_hint-parameter-to-rp-initiated

Our backend team hasn't committed to a timeframe yet on this. I'll update the ticket once we've got another round of next steps.

Internal ref: OKTA-361004