
81l29 (81l29) asked a question.
Below are the issues I'm facing:
1) signOut: Error Code: id token does not match session
I have two user accounts. If I use the "1st" account to sign in to the Angular app (first browser tab) and the "2nd" account to sign in to the Okta dashboard (second browser tab), and then try to sign out the 1st account from the Angular app (1st tab), I get this error page.
I'm only getting this error when I use oktaAuth.signOut() to sign the user out of the SPA, but I'm not getting the same error when I have these two methods in my sign-out function, oktaAuth.revokeAccessToken() and oktaAuth.closeSession(), instead of oktaAuth.signOut(). Could anyone please tell me why this is happening?
From my perspective, this looks like some wires are getting crossed between the browser sessions.
2) When I open an Okta-protected SPA application to log in a user, Okta does not show the login page again; it automatically takes the previously logged-in invalid user details from a different browser tab to sign in to the SPA, and it's throwing an error.
I have two user accounts: the "1st" account has permission to log in to the SPA app, but the "2nd" account doesn't have that permission. If I sign in the "2nd" account to the Okta dashboard (browser tab 1) and then, in tab 2, open up that SPA app to log in the "1st" account, Okta automatically picks the previously logged-in user details (the "2nd" account credentials instead of the "1st" account) for sign-in, and in "login/callback" it is getting stuck and it's throwing the "OAuthError: User is not assigned to the client application." error. Is there any way I can fix this or always force the user to log in?
Here are the dependencies
okta/okta-angular 6.0.0,
okta/okta-auth-js 7.0.1
    const oktaAuth = new OktaAuth({
      issuer,
      clientId,
      redirectUri,
      pkce,
      scopes, // ['openid', 'profile', 'email'],
      tokenManager: {
        storage: 'sessionStorage'
      }
    });
Could anyone please tell me how I can fix these issues? I'm new to Okta, please correct me if I misunderstood anything. FYI, I'm currently using the dev Okta account.
I asked one of my colleagues, who also faced the same issue, and they told me this:
The error occurred for us because we were trying to use 2 different sessions in 2 different apps but using the same auth server. Every time the OKTA auth server authorizes a user, the auth server sets a session id cookie in its domain. When a user logs in with a new set of credentials then tries to log out of the old set of credentials, the client code picks up the identity token which no longer applies to the new session id that exists in the okta auth server cookie and that was the issue.
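
The mismatch described in the explanation above can be checked before choosing a logout call. This is an added example, not part of the original post and not Okta's own code; the session shape `{ status, userId }`, the premise that the ID token's `sub` claim carries that same user id, and the returned path names are assumptions, and the sample token is constructed. It uses Node's `Buffer` for base64 decoding.

```javascript
// Decode the claims segment of a JWT. No signature check is done here: the
// result is used only to pick a sign-out path, never to authorize anything.
function decodeJwtClaims(jwt) {
  const parts = typeof jwt === 'string' ? jwt.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch (e) {
    return null; // payload is not base64url-encoded JSON
  }
}

// idToken: the raw ID token held by the SPA.
// session: assumed shape { status, userId } describing the session that the
//          auth server's cookie currently points to.
function chooseSignOutPath(idToken, session) {
  const claims = decodeJwtClaims(idToken);
  // No usable token: there is nothing to present to the logout endpoint.
  if (!claims || typeof claims.sub !== 'string') return 'clear-local';
  // No active session at the auth server: only local state needs removing.
  if (!session || session.status !== 'ACTIVE') return 'clear-local';
  // Token was issued to one user, the cookie now belongs to another. This is
  // the case in which signOut() fails with "id token does not match session".
  if (session.userId !== claims.sub) return 'revoke-and-clear-local';
  // Token and session agree: oktaAuth.signOut() is expected to succeed.
  return 'sign-out';
}

// Constructed, unsigned sample token for demonstration only.
function makeUnsignedJwt(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc(claims)}.sig`;
}

const sampleToken = makeUnsignedJwt({ sub: '00uCONSTRUCTED1' });
console.log(chooseSignOutPath(sampleToken, { status: 'ACTIVE', userId: '00uCONSTRUCTED2' }));
```

In the mismatch case, revoking the access token and clearing the tokens stored by the SPA removes the first user's credentials without touching the second user's session.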

Hello @81l29 (81l29), thank you for reaching out to our Community!
I was able to find this GitHub article that should provide some assistance in resolving your issue:
https://github.com/okta/okta-auth-js/issues/575
However, if this does not help, my advice would be to leverage the Okta Developer forums for this type of question and take advantage of their expertise.
https://devforum.okta.com/