From fc30e694429ee05d9fa19702d4e19d31020b852a Mon Sep 17 00:00:00 2001
From: Chirag Madlani <12962843+chirag-madlani@users.noreply.github.com>
Date: Fri, 21 Mar 2025 20:35:15 +0530
Subject: [PATCH] fix(ui): potential fix for okta login, clear state for avoid
 login errors (#20379)

* fix(ui): okta login clear state for avoid errors

* add fallback option
---
 .../Auth/AuthProviders/OktaAuthProvider.tsx   | 70 +++++++++++--------
 1 file changed, 41 insertions(+), 29 deletions(-)

diff --git a/openmetadata-ui/src/main/resources/ui/src/components/Auth/AuthProviders/OktaAuthProvider.tsx b/openmetadata-ui/src/main/resources/ui/src/components/Auth/AuthProviders/OktaAuthProvider.tsx
index c3a303ba7c3..74ed6f7dd22 100644
--- a/openmetadata-ui/src/main/resources/ui/src/components/Auth/AuthProviders/OktaAuthProvider.tsx
+++ b/openmetadata-ui/src/main/resources/ui/src/components/Auth/AuthProviders/OktaAuthProvider.tsx
@@ -47,6 +47,10 @@ export const OktaAuthProvider: FunctionComponent<Props> = ({
         tokenManager: {
           autoRenew: false,
         },
+        cookies: {
+          secure: true,
+          sameSite: 'none',
+        },
       }),
     [clientId, issuer, redirectUri, scopes, pkce]
   );
@@ -55,37 +59,12 @@ export const OktaAuthProvider: FunctionComponent<Props> = ({
     await oktaAuth.signInWithRedirect();
   };
 
-  const restoreOriginalUri = useCallback(async (_oktaAuth: OktaAuth) => {
-    const idToken = _oktaAuth.getIdToken() ?? '';
-    const scopes =
-      _oktaAuth.authStateManager.getAuthState()?.idToken?.scopes.join() || '';
-    setOidcToken(idToken);
-    _oktaAuth
-      .getUser()
-      .then((info) => {
-        const user = {
-          id_token: idToken,
-          scope: scopes,
-          profile: {
-            email: info.email ?? '',
-            name: info.name ?? '',
-            // eslint-disable-next-line @typescript-eslint/no-explicit-any
-            picture: (info as any).imageUrl ?? '',
-            locale: info.locale ?? '',
-            sub: info.sub,
-          },
-        };
-        onLoginSuccess(user);
-      })
-      .catch((err) => {
-        // eslint-disable-next-line no-console
-        console.error(err);
-      });
-  }, []);
-
   const customAuthHandler = async () => {
     const previousAuthState = oktaAuth.authStateManager.getPreviousAuthState();
-    if (!previousAuthState || !previousAuthState.isAuthenticated) {
+    if (!previousAuthState?.isAuthenticated) {
+      // Clear storage before triggering login
+      oktaAuth.tokenManager.clear();
+      await oktaAuth.signOut();
       // App initialization stage
       await triggerLogin();
     } else {
@@ -93,6 +72,39 @@ export const OktaAuthProvider: FunctionComponent<Props> = ({
     }
   };
 
+  const restoreOriginalUri = useCallback(
+    async (_oktaAuth: OktaAuth) => {
+      const idToken = _oktaAuth.getIdToken() ?? '';
+      const scopes =
+        _oktaAuth.authStateManager.getAuthState()?.idToken?.scopes.join() || '';
+      setOidcToken(idToken);
+      _oktaAuth
+        .getUser()
+        .then((info) => {
+          const user = {
+            id_token: idToken,
+            scope: scopes,
+            profile: {
+              email: info.email ?? '',
+              name: info.name ?? '',
+              // eslint-disable-next-line @typescript-eslint/no-explicit-any
+              picture: (info as any).imageUrl ?? '',
+              locale: info.locale ?? '',
+              sub: info.sub,
+            },
+          };
+          onLoginSuccess(user);
+        })
+        .catch(async (err) => {
+          // eslint-disable-next-line no-console
+          console.error(err);
+          // Redirect to login on error
+          await customAuthHandler();
+        });
+    },
+    [onLoginSuccess]
+  );
+
   return (
     <Security
       oktaAuth={oktaAuth}