
getSessionClient().clear(); not clearing session.

Open gopalp1709 opened this issue 4 years ago • 8 comments

Hi @FeiChen-okta, I am clearing the session after receiving the error below: AuthorizationException: {"type":1,"code":1002,"error":"access_denied","errorDescription":"User is not assigned to the client application."}

When I try to open the browser login, the same error occurs. Do I need to unregister the callback?

gopalp1709 • Sep 22 '20 13:09

Hi @gopalp1709, this shouldn't be an issue with the callback. Can you give a step-by-step process of the sign-in where you get this error? This is my assumption:

  1. User is not assigned the app
  2. User signs in but gets the error access_denied
  3. Then clear session gets access_denied from browser sign-out?

If that is the case, this is a known issue: https://github.com/okta/okta-oidc-android/issues/161

The browser is still saving the session.

FeiChen-okta • Sep 22 '20 16:09

Hi @FeiChen-okta, below are the steps to reproduce the error:

  1. User is not assigned the app
  2. User signs in but gets the error access_denied
  3. After receiving the step 2 error I am clearing the session, but it's not clearing it.
  4. When I try to sign in, it's throwing the same error as mentioned in step 2.

I have gone through the provided link (https://github.com/okta/okta-oidc-android/issues/161), where you mentioned a workaround of disabling the server from storing the session. Can you please provide steps or any document to try out the suggested workaround? Thanks

gopalp1709 • Sep 23 '20 08:09

Hi @gopalp1709, here is a link for setting the session timeout: https://support.okta.com/help/s/question/0D50Z00008Gghw9/okta-session-timeout?language=en_US

FeiChen-okta • Sep 23 '20 18:09

Hi @FeiChen-okta,

I have gone through this URL, https://support.okta.com/help/s/question/0D50Z00008Gghw9/okta-session-timeout?language=en_US. It is about configuring the session timeout. How will this help in clearing the session from the browser? I want to clear the session from the browser so that the user can make another login attempt.

Thanks Amol

gopalp1709 • Sep 24 '20 15:09

Hi @gopalp1709, when the session has timed out, you don't have to clear the session from the browser. You can set the session to never store, requiring sign-in every time, or set a short session timeout.

FeiChen-okta • Sep 24 '20 16:09

Hi @FeiChen-okta, waiting until the session times out for the next login attempt is not a good user experience on a mobile device. Plus, the session config and policies are shared by mobile and web, so please suggest any other workaround.

Thanks Amol

gopalp1709 • Sep 25 '20 14:09

Hi @gopalp1709, unfortunately that is the only workaround I have. The other is to use a WebView instead of Chrome Custom Tabs, but that is not supported in the SDK.

FeiChen-okta • Sep 28 '20 16:09

I've got some more feedback from the team on next steps for this. The plan is to add a client_id param, given some updates to the spec: https://bitbucket.org/openid/connect/issues/1182/add-logout_hint-parameter-to-rp-initiated

Our backend team hasn't committed to a timeframe yet on this. I'll update the ticket once we've got another round of next steps.

Internal ref: OKTA-361004

JayNewstrom • Jan 14 '21 18:01