okta/okta-oidc-ios

Unable to see Okta Login screen after Error "access_denied: User is not assigned to the client application."

Closed this issue · 2 comments

Describe the bug?

Using the Okta iOS SDK with Swift.

The first time the user tries to log in with signInWithBrowser on iOS, they get the login screen for username and password, then on clicking the login button encounter the error "access_denied: User is not assigned to the client application."

After that, when we tried to re-enter the credentials, we were unable to see the login screen for username and password. It just blinks for a second and shows the same error.

Even if the user tries to kill, re-install and relaunch the app, it shows the same error without showing the login screen to re-enter credentials. The end user is unable to get started with the app.

Proposed workaround solution:
Settings > Safari > Clear History and Website Data

After this, the user is able to re-enter the username and password.

What is expected to happen?

1- Should show the login screen as per the normal flow for entering the username and password again.
2- Okta should clear any unwanted session that remains if a login has not completed successfully with credentials, and allow the user to re-enter the username and password.
3- Avoid clearing Safari history data.

What is the actual behavior?

Even if the user tries to kill, re-install and relaunch the app, it shows the same error without showing the login screen to re-enter credentials. The user is unable to get started with the app and is stuck in a loop.

Reproduction Steps?

Login behavior.
Due to the organization's security policy, we are unable to share the login credentials; let us know if you require more detail.

Additional Information?

No response

SDK Version(s)

  • OktaJWT (2.0.1)
  • OktaOidc (3.10.4):
    • OktaOidc/AppAuth (= 3.10.4)
    • OktaOidc/Okta (= 3.10.4)
  • OktaOidc/AppAuth (3.10.4)
  • OktaOidc/Okta (3.10.4):
    • OktaOidc/AppAuth
  • OktaStorage (1.1.0)

Build Information

No response

This sounds like it might be related to a policy configuration for the client, since it's not automatically adding the user to the client application.

As far as the recurring error is concerned, after attempting to re-authenticate at a later date, this is likely the result of the session being cached within shared cookie storage within ASWebAuthenticationSession. There are two possible solutions to this problem:

  1. Use an ephemeral session (e.g. set noSSO to true when authenticating)
  2. Trigger a logout, to ensure the session cookie is reset within the browser.

I'm going to close this due to inactivity. If you're still experiencing this problem, please feel free to reopen this issue.
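The two options from the reply above, sketched against the OktaOidc 3.x API as an added example (not code from the issue or from Okta). The `LoginCoordinator` class is hypothetical and every configuration value is a placeholder.

```swift
import UIKit
import OktaOidc

// Hypothetical helper for illustration; all configuration values are placeholders.
final class LoginCoordinator {
    private let oktaOidc: OktaOidc

    init() throws {
        let config = try OktaOidcConfig(with: [
            "issuer": "https://example.okta.com/oauth2/default",
            "clientId": "PLACEHOLDER_CLIENT_ID",
            "redirectUri": "com.example.app:/callback",
            "logoutRedirectUri": "com.example.app:/logout",
            "scopes": "openid profile offline_access"
        ])
        // Option 1: ephemeral browser session (iOS 13+). The authentication
        // session does not share cookies with Safari or with earlier attempts,
        // so a failed sign-in leaves no Okta session cookie behind.
        // Trade-off: single sign-on with the system browser is disabled.
        if #available(iOS 13.0, *) {
            config.noSSO = true
        }
        oktaOidc = try OktaOidc(configuration: config)
    }

    func signIn(from presenter: UIViewController,
                completion: @escaping (OktaOidcStateManager?, Error?) -> Void) {
        oktaOidc.signInWithBrowser(from: presenter) { stateManager, error in
            // Persist tokens only on success; errors such as access_denied
            // are passed to the caller, which can offer a retry.
            if error == nil {
                stateManager?.writeToSecureStorage()
            }
            completion(stateManager, error)
        }
    }

    // Option 2: explicit logout, which ends the Okta session held in the
    // browser. It needs a state manager from an earlier successful sign-in.
    func signOut(_ stateManager: OktaOidcStateManager,
                 from presenter: UIViewController,
                 completion: @escaping (Error?) -> Void) {
        oktaOidc.signOutOfOkta(stateManager, from: presenter) { error in
            if error == nil {
                stateManager.clear() // drop the locally stored tokens as well
            }
            completion(error)
        }
    }
}
```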