okta / samples-ios

https://github.com/okta/samples-ios
Apache License 2.0

OktaAuthSdk.fetchStatus always returns "Invalid token provided" #101

Open mureatencio opened 2 years ago

mureatencio commented 2 years ago

Describe the bug?

I'm trying to obtain an OktaAuthStatus from an OktaOidcStateManager object I'm retrieving from the keychain to validate the user has an active session in the device. The OktaAuthSdk.fetchStatus seems to return the success callback that I need, but it's unclear what the required "State Token" parameter is or where it comes from. I tried calling the method with oktaOidcStateManager.refreshToken, oktaOidcStateManager.idToken, and oktaOidcStateManager.accessToken, but all of them are returning the error block with the error: {"errorCode":"E0000011","errorSummary":"Invalid token provided","errorLink":"E0000011","errorId":"oaehEVIxs82T_GfnN5ZOE1onw","errorCauses":[]}

This is what I'm doing:

let successBlock: (OktaAuthStatus) -> Void = { [weak self] status in
    self?.flowCoordinatorDelegate?.onStatusChanged(status: status)
}

let errorBlock: (OktaError) -> Void = { [weak self] error in
    self?.showError(message: error.description)
}
OktaAuthSdk.fetchStatus(with: oktaOidcStateManager.refreshToken,
                       using: URL(string: self.urlString)!,
              onStatusChange: successBlock,
                     onError: errorBlock)

What is expected to happen?

Documentation should be clear on where the "State Token" comes from. OktaAuthSdk.fetchStatus should call the success block.

What is the actual behavior?

Documentation is unclear on what the state token is. OktaAuthSdk.fetchStatus always calls the error block.

Reproduction Steps?

This is an extract of what I'm doing:

let successBlock: (OktaAuthStatus) -> Void = { [weak self] status in
    self?.flowCoordinatorDelegate?.onStatusChanged(status: status)
}

let errorBlock: (OktaError) -> Void = { [weak self] error in
    self?.showError(message: error.description)
}
OktaAuthSdk.fetchStatus(with: oktaOidcStateManager.refreshToken,
                       using: URL(string: self.urlString)!,
              onStatusChange: successBlock,
                     onError: errorBlock)

Additional Information?

No response

SDK Version(s)

org.cocoapods.OktaAuthSdk 2.4.3
org.cocoapods.OktaOidc 3.11.1

Build Information

iOS 13+
Xcode 13.2
Authentication, sign out and everything else is working correctly.

arvindkrishnakumar-okta commented 2 years ago

Thanks for posting!

@mikenachbaur-okta can you help take a look?

mureatencio commented 2 years ago

Hi guys, any luck with this report?

emanor-okta commented 2 years ago

@mureatencio - This call only works with a stateToken to check on the current status of the authentication flow.

Using this call with any of the [id/access/refresh] tokens is not valid. All of these tokens are the product of a successful authorize/token call and should not be used for this call from the authentication SDK.