okta-auth-js
Uncaught (in promise): OAuthError: The client specified not to prompt, but the user is not logged in.
Steps to reproduce:
- login to the web app
- close the browser (no logout)
- wait for the token and the refresh token to expire
- open the browser and go to the web app where it needs to be authenticated
Whenever you call OktaAuth method, you get an OAuthError error with the error code login_required and the message The client specified not to prompt, but the user is not logged in. So far so good. I can catch the error and apply any error handling I like.
But first time, there is also an uncaught error thrown with the same message. I suspect this is related to autorenew since it wasn't working in v5.3.1.
This error/message will be thrown when calling isAuthenticated() and autoRenew is set to true and the session has expired. It should not cause any issue other than the noise in the developer console. Is it causing some problems with the functionality of your app?
This is an Angular app. I use the ErrorHandler to catch all unhandled errors to show the user something unexpected has happened. In this case, I don't have enough context to make sure this error can be safely ignored. For now, I am catching and ignoring all errors with the message Uncaught (in promise): OAuthError: The client specified not to prompt, but the user is not logged in.
Are there any other cases where this error can be thrown? And in the future?
In other words, am I hiding something important?
Out of curiosity, isAuthenticated() is already throwing this error, is there a way for you to either hide it if this is just noise, or throw a proper error with context so I would know what to do with it?
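One way to approach the "am I hiding something important?" question above, as an added example that is not part of the thread or the SDK: classify the unhandled error by its OAuth error code rather than by message text, so only a genuine login_required is treated as "re-authenticate" and anything else is still reported. The OAuthError stand-in, its name/errorCode fields, the zone.js `rejection` wrapper property, and the function names are assumptions for illustration.

```javascript
// Added example. OAuthError here is a constructed stand-in; the name/errorCode
// fields and zone.js's `rejection` wrapper property are assumptions.
class OAuthError extends Error {
  constructor(errorCode, summary) {
    super(summary);
    this.name = 'OAuthError';
    this.errorCode = errorCode;
    this.errorSummary = summary;
  }
}

// Walk wrapper chains (`rejection`, standard `cause`) back to the original error.
function unwrap(err) {
  const seen = new Set();
  while (err && typeof err === 'object' && !seen.has(err)) {
    seen.add(err);
    const inner = err.rejection || err.cause;
    if (!inner) break;
    err = inner;
  }
  return err;
}

// 'reauthenticate' only for an OAuthError with code login_required;
// everything else, including look-alike messages, is still reported.
function classifyAuthError(err) {
  const root = unwrap(err);
  if (!root || typeof root !== 'object' || root.name !== 'OAuthError') return 'report';
  return root.errorCode === 'login_required' ? 'reauthenticate' : 'report';
}

// Hypothetical global handler: `startLogin` and `report` are supplied by the app.
function handleGlobalError(err, { startLogin, report }) {
  const action = classifyAuthError(err);
  if (action === 'reauthenticate') startLogin();
  else report(unwrap(err));
  return action;
}

// Constructed sample errors.
const MSG = 'The client specified not to prompt, but the user is not logged in.';
const wrapped = Object.assign(new Error('Uncaught (in promise): OAuthError: ' + MSG),
  { rejection: new OAuthError('login_required', MSG) });
const lookAlike = new Error('Uncaught (in promise): OAuthError: ' + MSG);
const otherOAuth = new OAuthError('access_denied', 'Constructed sample summary.');

for (const e of [wrapped, lookAlike, otherOAuth]) {
  console.log(classifyAuthError(e));
}
```

The look-alike case is the one a message-string filter would silently swallow; keying on the error type and code keeps it visible in error tracking.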
@koswedo I agree we should handle/hide this error better and not emit any "unhandled promise rejections". I've created an internal issue for this work: OKTA-439435
Thanks for bringing this to our attention!
We also use third party tools that track how many errors our application logs to determine the "health" of the application. It identifies this as the most occurring error in our application. Thank you for taking this on!
I think it should be handled on Okta API side.
I have the same error when trying to make a call to the authorize endpoint as per Okta Dev documentation. I do not see any specific documentation regarding OIDC for non-authenticated users, i.e. what should be reported.
Can we assume that this error will be always the same?
I am still seeing this issue, with the implicit flow. It happens after my code manually refreshes the accessToken after expiration, using the function:
oktaAuth.tokenManager.renew('accessToken');
My oktaConfiguration has autoRenew and autoRemove set to false.
My configuration also specifies to not retrieve the idToken because I don't use it in my code. If I do specify to retrieve idToken, it works, however it also will renew my accessToken every time I try to renew just the idToken, using oktaAuth.tokenManager.renew('idToken')
Update: I am seeing this using version 5.11.0 of @okta/okta-auth-js
This error/message will be thrown when calling isAuthenticated() and autoRenew is set to true and the session has expired. It should not cause any issue other than the noise in the developer console. Is it causing some problems with the functionality of your app?
Hi, we guard the root of our Angular project, and this error prevents the initial redirect to our company's Okta Sign In page. Sometimes it seems like it will refresh, but other times it just sits there until the page is reloaded and then it will do the normal redirect flow.
@nickjm6 I've been having the same problem with oktaAuth.tokenManager.renew('accessToken');, I get the error message "The client specified not to prompt, but the user is not logged in."
Did you find a way to solve it?
I'm using okta-auth.js 4.8.0 and also tried out 6.7.6 but I still have the issue.
I am seeing the same error when I am calling this oktaAuth.token.getWithoutPrompt() method. This works fine on the desktop site but when I load as mobile, I am seeing the below error.
@code-bode What mobile environment and browser are you testing this on? getWithoutPrompt uses a hidden iframe under the hood. iframe support on mobile has been limited up until recently.
@jaredperreault-okta I am using iOS 16.0. As you see below, this error is even happening when I use mobile mode with the developer console in Chrome.
Seems like Safari on iOS 16 currently has a bug that affects iframes that may be causing problems. (ref: https://caniuse.com/mdn-html_elements_iframe)
I'm not sure why the Chrome DevTools "Mobile Mode" would affect this. This will require further investigation
Internal Ref: OKTA-543648
@code-bode I was trying to reproduce this with the below code in iOS 16.0 simulator and oktaAuth.token.getWithoutPrompt ran without issues.
...
const { sessionToken } = await oktaAuth.signIn({
/*username,*/
/*password*/
});
const tokensResp = await oktaAuth.token.getWithoutPrompt({sessionToken});
setTokens(tokensResp.tokens);
...
In order to succeed, getWithoutPrompt requires either of:
- Okta session cookie to be available as 3p cookie
- sessionToken to be provided as a param
- valid refresh token to be available
Given one of the above conditions is met and you are still experiencing the issue, please share repro code (with sensitive details removed).
@code-bode Please log a new issue with description of your flow and repro steps in case you believe SDK is not working as expected.