
OktaAuthSdk.fetchStatus always returns "Invalid token provided"

Open mureatencio opened this issue 2 years ago • 3 comments

Describe the bug?

I'm trying to obtain an OktaAuthStatus from an OktaOidcStateManager object I'm retrieving from the keychain to validate the user has an active session in the device. The OktaAuthSdk.fetchStatus seems to return the success callback that I need, but it's unclear what the required "State Token" parameter is or where it comes from. I tried calling the method with oktaOidcStateManager.refreshToken, oktaOidcStateManager.idToken, and oktaOidcStateManager.accessToken, but all of them are returning the error block with the error: {"errorCode":"E0000011","errorSummary":"Invalid token provided","errorLink":"E0000011","errorId":"oaehEVIxs82T_GfnN5ZOE1onw","errorCauses":[]}

This is what I'm doing:

let successBlock: (OktaAuthStatus) -> Void = { [weak self] status in
    self?.flowCoordinatorDelegate?.onStatusChanged(status: status)
}

let errorBlock: (OktaError) -> Void = { [weak self] error in
    self?.showError(message: error.description)
}
OktaAuthSdk.fetchStatus(with: oktaOidcStateManager.refreshToken,
                       using: URL(string: self.urlString)!,
              onStatusChange: successBlock,
                     onError: errorBlock)

What is expected to happen?

Documentation should be clear on where the "State Token" comes from. OktaAuthSdk.fetchStatus should call the success block.

What is the actual behavior?

Documentation is unclear what the state token is. OktaAuthSdk.fetchStatus always calls the error block.

Reproduction Steps?

This is an extract of what I'm doing:

let successBlock: (OktaAuthStatus) -> Void = { [weak self] status in
    self?.flowCoordinatorDelegate?.onStatusChanged(status: status)
}

let errorBlock: (OktaError) -> Void = { [weak self] error in
    self?.showError(message: error.description)
}
OktaAuthSdk.fetchStatus(with: oktaOidcStateManager.refreshToken,
                       using: URL(string: self.urlString)!,
              onStatusChange: successBlock,
                     onError: errorBlock)

Additional Information?

No response

SDK Version(s)

org.cocoapods.OktaAuthSdk 2.4.3, org.cocoapods.OktaOidc 3.11.1

Build Information

iOS 13+, Xcode 13.2. Authentication, sign out and everything else is working correctly.

mureatencio, Apr 21 '22 03:04

Thanks for posting!

@mikenachbaur-okta can you help take a look?

arvindkrishnakumar-okta, Apr 21 '22 17:04

Hi guys, any luck with this report?

mureatencio, Apr 25 '22 22:04

@mureatencio - This call only works with a stateToken to check on the current status of the authentication flow.

Using this call with any of [id/access/refresh] tokens is not valid. All of these tokens are the product of a successful authorize/token call and should not be used for this call from the authentication SDK.

emanor-okta, May 27 '22 23:05
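
The distinction made in the last reply, as an added example (not code from the issue or from the Okta SDK): a stateToken is issued by the Authentication API while a sign-in transaction is still in progress, so it is taken from the OktaAuthStatus delivered to onStatusChange and only that value is passed to fetchStatus. The `AuthnFlow` class, the placeholder `orgURL`, and reading the token through `status.model.stateToken` are assumptions about SDK 2.4.3; `authenticate` is assumed to take the same callback pair as the `fetchStatus` call shown in the issue.

```swift
import Foundation
import OktaAuthSdk

// Hypothetical helper for illustration; not part of the SDK.
final class AuthnFlow {
    // Placeholder org URL (assumption); substitute your own Okta domain.
    private let orgURL = URL(string: "https://example.okta.com")!

    // Kept in memory only for the lifetime of the sign-in transaction.
    // Unlike id/access/refresh tokens, it is never written to the keychain.
    private var pendingStateToken: String?

    func signIn(username: String, password: String) {
        OktaAuthSdk.authenticate(with: orgURL,
                                 username: username,
                                 password: password,
                                 onStatusChange: { [weak self] status in self?.handle(status) },
                                 onError: { error in print("authn error: \(error.description)") })
    }

    private func handle(_ status: OktaAuthStatus) {
        // Assumption: the response model exposes the transaction's stateToken.
        // It is present while the flow is unfinished (for example MFA required)
        // and absent once the transaction has completed successfully.
        pendingStateToken = status.model.stateToken
        print("status: \(status.statusType), stateToken present: \(pendingStateToken != nil)")
    }

    // Re-query an in-progress transaction, e.g. after the app returns to the foreground.
    func refreshStatus() {
        guard let stateToken = pendingStateToken else {
            // No transaction in progress. OIDC tokens from OktaOidcStateManager
            // are not accepted here and produce E0000011 "Invalid token provided".
            print("no authentication transaction in progress")
            return
        }
        OktaAuthSdk.fetchStatus(with: stateToken,
                                using: orgURL,
                                onStatusChange: { [weak self] status in self?.handle(status) },
                                onError: { error in print("fetchStatus error: \(error.description)") })
    }
}
```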