What Version of the library are you using?
19.0.0
Question
I'm working on integrating multiple authentication configurations. One config is for Okta, and the other is for GitLab. Here's a quick overview of the setup:
Okta config uses the scope: openid email profile groups offline_access
GitLab config uses the scope: api (we only need the access token, not an id_token.)
I'm passing both configs like this:
provideAuth(
  {
    config: [oktaAuthConfig, gitlabAuthConfig],
  },
  withAppInitializerAuthCheck()
)
I've also tried initializing without withAppInitializerAuthCheck, using checkAuthMultiple() or calling checkAuth() individually per config.
Behavior Observed:
I'm able to log in via Okta and GitLab without issue. When I do, isAuthenticated is true for Okta. For GitLab, I correctly get back the access and refresh token and it saves in my session storage.
But the library never says I'm authenticated with GitLab; isAuthenticated is always false.
If I remove the Okta config, and change nothing else, isAuthenticated is suddenly true for GitLab.
If I keep both configs but change GitLab's scope on the client/server to openid api, then both work together and both have isAuthenticated as true.
It seems the issue arises when one config uses an id_token (Okta) and the other only uses an access_token (GitLab). Could this be a limitation or bug in how the library handles multiple configs with differing token types?
Would love to hear your thoughts. Is this a misconfiguration on my part, or something deeper in the library?
Thanks in advance! Here are also my current configs for both:
Okta
export const oktaAuthConfig: OpenIdConfiguration = {
  authority: environment.auth.okta.issuer,
  authWellknownEndpointUrl: environment.auth.okta.issuer,
  redirectUrl: environment.auth.redirectUrl,
  triggerAuthorizationResultEvent: true,
  checkRedirectUrlWhenCheckingIfIsCallback: false,
  clientId: environment.auth.okta.clientId,
  scope: 'openid email profile groups offline_access',
  responseType: 'code',
  silentRenew: true,
  silentRenewUrl: environment.auth.okta.silentRedirectUrl,
  useRefreshToken: true,
  renewUserInfoAfterTokenRenew: true,
  configId: 'okta',
  secureRoutes: [environment.api, environment.proxy],
};
GitLab
export const gitlabAuthConfig: OpenIdConfiguration = {
  authority: environment.auth.gitlab.authority,
  authWellknownEndpointUrl: environment.auth.gitlab.authWellknownEndpointUrl,
  redirectUrl: environment.auth.gitlab.redirectUrl,
  postLogoutRedirectUri: environment.auth.postLogoutRedirectUrl,
  clientId: environment.auth.gitlab.clientId,
  scope: 'api',
  checkRedirectUrlWhenCheckingIfIsCallback: false,
  triggerAuthorizationResultEvent: true,
  triggerRefreshWhenIdTokenExpired: false,
  ignoreNonceAfterRefresh: true,
  responseType: 'code',
  silentRenew: true,
  silentRenewUrl: environment.auth.gitlab.silentRedirectUrl,
  useRefreshToken: true,
  disableIdTokenValidation: true,
  disableRefreshIdTokenAuthTimeValidation: true,
  renewUserInfoAfterTokenRenew: false,
  autoUserInfo: false,
  configId: 'gitlab',
};