We're running into an interesting issue on our login proxy.

We're using a ServiceCallout to check if a user is active and can login, after which we retrieve the login data and get an Oauth2.0 token in the second ServiceCallout flow. But as you can see in the traces below the three flows are missing from trace 1, only when I disable one of the policies they show up as seen in trace 2.

Also, in trace 1 there are two ServiceCallout.response bodies, one containing the correct 200 JSON body and one containing a 401 Unauthorised body. Which is also weird, as the response should be loaded into oktaLoginResponse instead.

Trace 2 correctly retrieved the first ServiceCallout response and loads the 200 message into oktaLoginResponse, but then goes wrong as soon as it hits the disabled policy (logical of course). Then as soon as I turn the last disabled flow on again, the proxy behaves like trace1 again.

If anyone has any idea I'd gladly listen and try it out!

Bas