<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00007MnMOPCA3Okta Classic EngineAuthenticationAnswered2024-04-16T10:36:44.000Z2022-01-05T22:36:25.000Z2022-01-07T18:53:02.000Z

s5g31 (s5g31) asked a question.

January 5, 2022 at 10:36 PM
How can I begin debugging a conflict between the Google JavaScript client lib and Okta?

Some of my users are encountering an error when attempting to interact with Google API enabled components. The common variable amongst all of these users is an Okta auth flow. They are able to use this Auth flow just find to sign into the app. But, when using Google Picker in particular, the sign-in is unsuccessful.

 

These users are internal, so I can access their configs through the Okta admin. I'm curious if this is a known issue. If not, how can I begin debugging?

 

I am not familiar with Okta configs.

  • 2 answers
  • 449 views

  • User1630709688426468638 (Okta)

    Hello 

     

    Thanks for posting.

     

    If my understanding is correct, the users are able to login when they Sign in using Okta, but if they try to do it directly from Google see something like this, and it will not sign in:

     

    First thing I suggest you is to add a prompt parameter mentioned in https://stackoverflow.com/questions/37711665/forcing-a-user-to-choose-an-account-via-google-oauth2

     

    Okta sign in widget is dependent on auth-js.

    You can refer the prompt parameter use case here:

    https://github.com/okta/okta-auth-js#token

    https://developer.okta.com/docs/reference/api/oidc/#parameter-details

     

     

    If after following this process, you still need assistance please create a Ticket with our Support Team using the information in the link below: https://help.okta.com/en/prod/Content/Topics/Directory/get-support.htm

     

    Let us know if this helps you.

     

     

    Daniela Chavarria.

    Okta Inc.

     

    Expand Post

    • kdubs (kdubs)

      Hi, Daniela! Thank you for the reply!

       

      I've tried enforcing consent a couple of different ways. While this has applied appropriately to other parts of my application, it still does not resolve the Picker issue. The Auth token I receive from Gapi's `.getAuthInstance()` appears valid, but Picker does not seem to recognize the sign-in.

       

      What should I be doing with `auth-js` exactly?

       

      I'm digging into the differences in the Picker requests with the new params. The one that is succeeding looks like this:

       

      Query String Parameters

      1. hl: en_US
      2. xtoken: <redacted>
      3. origin: http://localhost:3000
      4. oauth_token: <redacted>
      5. hostId: localhost

       

      Form Data

      1. start: 0
      2. numResults: 50
      3. sort: 3
      4. desc: true
      5. cursor:
      6. mine: 2
      7. service: docs
      8. type: EVERYTHING
      9. options: {"notInFolder":true,"mimeTypes":"application/msword,application/vnd.google-apps.document,application/vnd.google-apps.kix,application/vnd.ms-word,application/vnd.ms-word.document.macroEnabled.12,application/vnd.ms-word.document.macroenabled.12,application/vnd.ms-word.template.macroEnabled.12,application/vnd.ms-word.template.macroenabled.12,application/vnd.oasis.opendocument.text,application/vnd.openxmlformats-officedocument.wordprocessingml.document,application/vnd.openxmlformats-officedocument.wordprocessingml.template,text/plain,application/vnd.google-apps.folder","ff":true}
      10. token: <redacted>
      11. version: 4
      12. app: 2
      13. subapp: 5
      14. clientUser: <redacted>

       

      The one that fails looks like this:

       

      Query string parameters

      1. protocol: gadgets
      2. origin: http://localhost:3000
      3. multiselectEnabled: true
      4. oauth_token: <redacted>
      5. hostId: localhost
      6. parent: http://localhost:3000/favicon.ico
      7. nav: (("documents",null,{"includeFolders":true}),("upload",null,{"query":"docs"}))
      8. rpcService: <redacted>
      9. rpctoken: <redacted>
      10. thirdParty: true
      11. ppli: 2

       

      Expand Post
This question is closed.
Loading
How can I begin debugging a conflict between the Google JavaScript client lib and Okta?