fix(ui): potential fix for okta login, clear state for avoid login errors (#20379)

* fix(ui): okta login clear state for avoid errors

* add fallback option

openmetadata-ui/src/main/resources/ui/src/components/Auth/AuthProviders/OktaAuthProvider.tsx

@@ -47,6 +47,10 @@ export const OktaAuthProvider: FunctionComponent<Props> = ({
         tokenManager: {
           autoRenew: false,
         },
+        cookies: {
+          secure: true,
+          sameSite: 'none',
+        },
       }),
     [clientId, issuer, redirectUri, scopes, pkce]
   );
@@ -55,37 +59,12 @@ export const OktaAuthProvider: FunctionComponent<Props> = ({
     await oktaAuth.signInWithRedirect();
   };
 
-  const restoreOriginalUri = useCallback(async (_oktaAuth: OktaAuth) => {
-    const idToken = _oktaAuth.getIdToken() ?? '';
-    const scopes =
-      _oktaAuth.authStateManager.getAuthState()?.idToken?.scopes.join() || '';
-    setOidcToken(idToken);
-    _oktaAuth
-      .getUser()
-      .then((info) => {
-        const user = {
-          id_token: idToken,
-          scope: scopes,
-          profile: {
-            email: info.email ?? '',
-            name: info.name ?? '',
-            // eslint-disable-next-line @typescript-eslint/no-explicit-any
-            picture: (info as any).imageUrl ?? '',
-            locale: info.locale ?? '',
-            sub: info.sub,
-          },
-        };
-        onLoginSuccess(user);
-      })
-      .catch((err) => {
-        // eslint-disable-next-line no-console
-        console.error(err);
-      });
-  }, []);
-
   const customAuthHandler = async () => {
     const previousAuthState = oktaAuth.authStateManager.getPreviousAuthState();
-    if (!previousAuthState || !previousAuthState.isAuthenticated) {
+    if (!previousAuthState?.isAuthenticated) {
+      // Clear storage before triggering login
+      oktaAuth.tokenManager.clear();
+      await oktaAuth.signOut();
       // App initialization stage
       await triggerLogin();
     } else {
@@ -93,6 +72,39 @@ export const OktaAuthProvider: FunctionComponent<Props> = ({
     }
   };
 
+  const restoreOriginalUri = useCallback(
+    async (_oktaAuth: OktaAuth) => {
+      const idToken = _oktaAuth.getIdToken() ?? '';
+      const scopes =
+        _oktaAuth.authStateManager.getAuthState()?.idToken?.scopes.join() || '';
+      setOidcToken(idToken);
+      _oktaAuth
+        .getUser()
+        .then((info) => {
+          const user = {
+            id_token: idToken,
+            scope: scopes,
+            profile: {
+              email: info.email ?? '',
+              name: info.name ?? '',
+              // eslint-disable-next-line @typescript-eslint/no-explicit-any
+              picture: (info as any).imageUrl ?? '',
+              locale: info.locale ?? '',
+              sub: info.sub,
+            },
+          };
+          onLoginSuccess(user);
+        })
+        .catch(async (err) => {
+          // eslint-disable-next-line no-console
+          console.error(err);
+          // Redirect to login on error
+          await customAuthHandler();
+        });
+    },
+    [onLoginSuccess]
+  );
+
   return (
     <Security
       oktaAuth={oktaAuth}