Aaron Granick

@jameslessen Please update to the latest version of AuthJS. From the network response you posted, it is clear that the client is falling back to using an iframe/cookie method to...

@garrettmac We do provide the option for a custom storageProvider, which can implement any custom logic: https://github.com/okta/okta-auth-js#storageprovider

@djfdev We are investigating this issue and working on a better solution for url discovery. In the meantime, it may work for you to explicitly set the `authorizeUrl` or `tokenUrl`...

@zaeja Can you provide a little more detail on the "enhancement" you are looking for? If I understand correctly you are using a proxy, so the `issuer` and `authorizeUrl` that...

@djfdev The issuer returned from the `.well-known` endpoint should match the `HOST` header of the request. If you have a custom Okta domain setup and hit `my.domain.com/.well-known/openid-configuration` it should return...

@kyeotic Makes sense. I can think of a couple ways to solve this problem. One would be to intercept at the network layer to request from the proxy instead of...

@kyeotic Thanks, that makes sense. Currently the issuer from the token is compared with the *configured* issuer, but it can (should) be compared with the issuer returned from well-known. I...

@kyeotic Many apologies for this issue falling through a crack, I have confirmed this issue still exists and was not fixed by #646 We have re-prioritized this issue and are...

@kyeotic It looks like this issue should have been fixed with https://github.com/okta/okta-auth-js/pull/858 You should be able to use your frontend proxy URL as the "issuer"

@pbollaram - The error "The client specified not to prompt" which is coming from a call to `/authorize` (in an iframe) is expected when trying to renew tokens (without offline_access)...