okta-auth-js

getWithPopup hangs up

Open markb-trustifi opened this issue 3 years ago • 2 comments

Describe the bug?

I’m using the @okta/okta-auth-js client to sign Okta users in to the website.

    import { OktaAuth } from '@okta/okta-auth-js';

    const authOktaClient = new OktaAuth({
      issuer: oktaData.issuer,
      clientId: oktaData.clientId,
      redirectUri: beUrl + '/okta/callback', // backend (BE) callback endpoint
      responseType: 'code',                  // Authorization Code flow
      pkce: false,
      devMode: true
    });

    await authOktaClient.start();
    let res = await authOktaClient.token.getWithPopup({ prompt: 'login' });

After I enter username/password, the Okta popup redirects to a blank page before reaching my BE. I see only a blank popup with this URL: https://mydomain.okta.com/login/step-up/redirect?stateToken=00g4GtzI98_asoZlkxIFg89xwOKO2fBsO7PvL_SpIw

The debug logs from devMode after authOktaClient.start():

    OKTA-AUTH-JS:updateAuthState: Event:undefined Status:emitted

The getWithRedirect flow works correctly. When I execute the authorization URL directly, the flow reaches the BE:

    let url = `${oktaData.issuer}/v1/authorize
                                    ?client_id=${oktaData.clientId}
                                    &response_type=code&scope=openid+email
                                    &redirect_uri=${beUrl}/okta/callback`.replace(/\s/g, '');
    window.open(url, '_blank', 'location=no,width=750,height=600,scrollbars=no,resizable=no');

It also seems that the Okta client caches API calls? Once I ran it with responseType: "token", it continues behaving like it is "token" even when I changed it back to "code".

What is expected to happen?

The Okta popup should request my BE with an Authorization Code and return JSON data from there.

What is the actual behavior?

After I enter username/password, the Okta popup redirects to a blank page before reaching my BE: https://mydomain.okta.com/login/step-up/redirect?stateToken=00g4GtzI98_asoZlkxIFg89xwOKO2fBsO7PvL_SpIw

Reproduction Steps?

Execute an Okta Code flow with getWithPopup.

SDK Versions

6.7.2

Execution Environment

MacOS 11.6 with Chrome 103

Additional Information?

No response

markb-trustifi, Jul 17 '22 11:07

Seems like not an issue with okta-auth-js library, but with Authorization Code flow in your org. When you get redirected to /login/step-up/redirect blank page and you click 'Inspect' in context menu, do you see any errors in console? Please reach out to support team at [email protected] to analyze your authorisation flow issue.

denysoblohin-okta, Jul 19 '22 08:07

There are no errors. There is some JavaScript code that is supposed to do window.postMessage. I think this post message doesn't work. The authOktaClient.token.getWithRedirect flow works well, and creating the authorization link manually and running it with window.open works well too.

markb-trustifi, Jul 19 '22 08:07
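
The thread turns on two hand-offs: the manually built authorization URL, which carries no `state` parameter, and the popup's `window.postMessage` back to the opener. The following is an added example, not code from the thread or from okta-auth-js, showing the checks an opener page would apply to both; the function names and the `{ code, state, error }` message shape are assumptions.

```javascript
// Added example: hypothetical helpers, not okta-auth-js code.
// All sample values used with them are constructed.

// Unguessable per-request value; keep it in the opener until the popup answers.
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Same parameters as the manual URL in the issue, plus `state`, with
// URLSearchParams doing the encoding instead of string concatenation.
function buildAuthorizeUrl({ issuer, clientId, redirectUri, state }) {
  const url = new URL(issuer.replace(/\/+$/, '') + '/v1/authorize');
  url.search = new URLSearchParams({
    client_id: clientId,
    response_type: 'code',
    scope: 'openid email',
    redirect_uri: redirectUri,
    state,
  }).toString();
  return url.toString();
}

// Decide whether a `message` event may be treated as the popup's answer.
// Assumed payload shape: { code, state } or { error, state }.
function readPopupResponse(event, { issuer, expectedState }) {
  if (event.origin !== new URL(issuer).origin) {
    return { ok: false, reason: 'unexpected_origin' };
  }
  const data = event.data;
  if (!data || typeof data !== 'object' || data.state !== expectedState) {
    return { ok: false, reason: 'state_mismatch' };
  }
  if (data.error) return { ok: false, reason: String(data.error) };
  if (typeof data.code !== 'string' || data.code === '') {
    return { ok: false, reason: 'missing_code' };
  }
  return { ok: true, code: data.code };
}

// Browser wiring (not executed here):
// window.addEventListener('message', (e) => {
//   const r = readPopupResponse(e, { issuer, expectedState });
//   if (r.ok) { /* send r.code to the backend for the token exchange */ }
// });
```

Any window can post a message to the opener, so the origin and `state` comparisons are what tie a received code to the request this page started.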