You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a customer creates a new account using okta-auth-js and okta-react we are not able to get an session information when calling .session.get(); Even though there are active accessToken and refreshToken. session.get() returns status: 'INACTIVE' .authStateManager.getAuthState().isAuthenticated returns true
to sign out a user we are calling await authClient.revokeRefreshToken(); then await authClient.revokeAccessToken(); and then closeSession() to check if session has been closed before completely signing out a user. closeSession() fails for new registrations but succeeds for users who have signed in.
Reproduction Steps?
create a new account using okta-auth-js and okta-react try to get session information by calling session.get()
I noticed this behavior too. Sessions are not created when using the idx register flow.
Support confirmed this was the expected behavior of that particular endpoint and suggested adding a login call at the end of the register flow using the data provided by the user, however that is suboptimal especially when a user sets up MFA (Case 02009292).
It would be nice if there was a way this could be fixed because the session cookie would allow users to interact with other SSO apps after registering, as well as remember the device they registered on.
@mguagenti Since this is the expected behavior, I doubt it will be fixed. Especially with looming deprecation of 3rd-party cookies by browsers, it's counterproductive to couple the Application session and the Okta session more tightly. The accessToken can be used to protect your resource server and the idToken should provide any of the user details session.get() provides
Describe the bug
When a customer creates a new account using okta-auth-js and okta-react we are not able to get an session information when calling
.session.get();
Even though there are active accessToken and refreshToken.session.get()
returnsstatus: 'INACTIVE'
.authStateManager.getAuthState().isAuthenticated
returnstrue
to sign out a user we are calling
await authClient.revokeRefreshToken();
thenawait authClient.revokeAccessToken();
and thencloseSession()
to check if session has been closed before completely signing out a user.closeSession()
fails for new registrations but succeeds for users who have signed in.Reproduction Steps?
create a new account using okta-auth-js and okta-react try to get session information by calling
session.get()
SDK Versions
Additional Information?
No response
The text was updated successfully, but these errors were encountered: