okta · rajdeepnanua-okta · Dec 18, 2024 · Dec 18, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+# 2.17.0
+- Don't follow redirects for OkHttp. This fixes MFA issues when using classic Okta and session token login.
+
 # 2.16.0
 - Fix vulnerabilities and remove jsonpath-plus. Thanks to [vero1024](https://github.com/vero1024) for contribution in this release!
 

diff --git a/android/src/main/java/com/oktareactnative/HttpClientImpl.java b/android/src/main/java/com/oktareactnative/HttpClientImpl.java
@@ -62,6 +62,7 @@ protected Request buildRequest(Uri uri, ConnectionParameters param) {
             sOkHttpClient = new OkHttpClient.Builder()
                     .connectTimeout(connectTimeoutMs, TimeUnit.MILLISECONDS)
                     .readTimeout(readTimeoutMs, TimeUnit.MILLISECONDS)
+                    .followRedirects(false)
                     .build();
         }
         Request.Builder requestBuilder = new Request.Builder().url(uri.toString());