Custom login sample fails authentication with current instructions

[r-tae]

Followed README, testing on my employer's dev Okta tenant. Using a custom domain name as the issuer, so it is different from the *-admin.oktapreview.com developer portal url.

Tested on Firefox. Steps taken:

1. Run npm install in both custom-login and okta-hosted-login
2. Create new SPA application as per documentation (no option given to provide a base URL, so the documentation is out of date)
3. Assign "Everyone" to application on developer portal
4. Create testenv file with issuer and client ID found on developer portal
5. Run npm start in custom-login project
6. Attempt sign in and observe POST request to {oktaBaseUrl}/api/v1/authn that returns HTTP 401
7. Shut down custom-login and run npm start in okta-hosted-login
8. Attempt sign in to and observe GET request to {oktaBaseUrl}/oauth2/default/api/v1/authorize that returns HTTP 200
9. With a successful sign in, shut down okta-hosted-login and restart custom-login
10. Observe login form bypassed, due to valid cookie, and a successful authentication

[swiftone]

Thanks for the report @actual-size - I'll take a stab at reproducing sometime today to see if I can get you any solutions. My immediate thought is the 401 error can pop up if the app you created was not a "SPA" app as you report. I'll look for other errors, but while I do so you can double check that step.

[r-tae]

Thanks for getting back quickly, I've double checked and it is a "SPA" app with the default settings.

[redgeoff]

Also seeing this

The call to https://dev-96778528.okta.com/api/v1/authn appears to be valid

[swiftone]

I've been unable to reproduce the errors listed here. The steps I followed:

• clone the samples repo
• npm install
• create the testenv file with CLIENT_ID and ISSUER at the root of the repo
• cd custom-login
• npm start

This leads me to believe we may be seeing some configuration issues at the Okta Admin Console-side.

• Check the assigned users of your application: This can be seen on the Admin Console by going to Applications, selecting your application, then the Assignments tab to see who is listed. This can be individual user ids or groups, such as "Everyone".

I was able to see an error where the widget appears to just sit there, when the user was not assigned to the application in the Okta Admin Console, so that may be related. I'll file a ticket to get that error addressed, but in the meantime I'd like to unblock what you are observing.

[swiftone]

Internal ref: OKTA-358619

[r-tae]

Unfortunately I am no longer involved in the project that these issues were occurring on, so can no longer debug this. Hopefully it was just some configuration error.