fix(ui): potential fix for okta login, clear state for avoid login errors (#20379)

* fix(ui): okta login clear state for avoid errors * add fallback option
2025-10-13 09:48:19 +00:00 · 2025-03-21 20:35:15 +05:30 · 2025-03-21 20:35:15 +05:30 · fc30e69442
commit fc30e69442
parent d317081460
1 changed files with 41 additions and 29 deletions
--- a/openmetadata-ui/src/main/resources/ui/src/components/Auth/AuthProviders/OktaAuthProvider.tsx
+++ b/openmetadata-ui/src/main/resources/ui/src/components/Auth/AuthProviders/OktaAuthProvider.tsx
@ -47,6 +47,10 @@ export const OktaAuthProvider: FunctionComponent<Props> = ({
        tokenManager: {
          autoRenew: false,
        },
+        cookies: {
+          secure: true,
+          sameSite: 'none',
+        },
      }),
    [clientId, issuer, redirectUri, scopes, pkce]
  );
@ -55,37 +59,12 @@ export const OktaAuthProvider: FunctionComponent<Props> = ({
    await oktaAuth.signInWithRedirect();
  };

-  const restoreOriginalUri = useCallback(async (_oktaAuth: OktaAuth) => {
-    const idToken = _oktaAuth.getIdToken() ?? '';
-    const scopes =
-      _oktaAuth.authStateManager.getAuthState()?.idToken?.scopes.join() || '';
-    setOidcToken(idToken);
-    _oktaAuth
-      .getUser()
-      .then((info) => {
-        const user = {
-          id_token: idToken,
-          scope: scopes,
-          profile: {
-            email: info.email ?? '',
-            name: info.name ?? '',
-            // eslint-disable-next-line @typescript-eslint/no-explicit-any
-            picture: (info as any).imageUrl ?? '',
-            locale: info.locale ?? '',
-            sub: info.sub,
-          },
-        };
-        onLoginSuccess(user);
-      })
-      .catch((err) => {
-        // eslint-disable-next-line no-console
-        console.error(err);
-      });
-  }, []);
-
  const customAuthHandler = async () => {
    const previousAuthState = oktaAuth.authStateManager.getPreviousAuthState();
-    if (!previousAuthState || !previousAuthState.isAuthenticated) {
+    if (!previousAuthState?.isAuthenticated) {
+      // Clear storage before triggering login
+      oktaAuth.tokenManager.clear();
+      await oktaAuth.signOut();
      // App initialization stage
      await triggerLogin();
    } else {
@ -93,6 +72,39 @@ export const OktaAuthProvider: FunctionComponent<Props> = ({
    }
  };

+  const restoreOriginalUri = useCallback(
+    async (_oktaAuth: OktaAuth) => {
+      const idToken = _oktaAuth.getIdToken() ?? '';
+      const scopes =
+        _oktaAuth.authStateManager.getAuthState()?.idToken?.scopes.join() || '';
+      setOidcToken(idToken);
+      _oktaAuth
+        .getUser()
+        .then((info) => {
+          const user = {
+            id_token: idToken,
+            scope: scopes,
+            profile: {
+              email: info.email ?? '',
+              name: info.name ?? '',
+              // eslint-disable-next-line @typescript-eslint/no-explicit-any
+              picture: (info as any).imageUrl ?? '',
+              locale: info.locale ?? '',
+              sub: info.sub,
+            },
+          };
+          onLoginSuccess(user);
+        })
+        .catch(async (err) => {
+          // eslint-disable-next-line no-console
+          console.error(err);
+          // Redirect to login on error
+          await customAuthHandler();
+        });
+    },
+    [onLoginSuccess]
+  );
+
  return (
    <Security
      oktaAuth={oktaAuth}