The okta-auth-js SDK can be used directly, or indirectly via the Okta Widget. When dealing with Token renewal there are a few different approaches that can be used.
- okta-auth-js
- Okta Embedded Sign-in Widget
- OAuth2/OIDC/Token
- Okta Identity Engine (OIE)
- Okta Classic Engine
The Okta Auto-Renew relies on timers, which can fail to fire for various reasons depending on the Device, browser, OS, and the settings of all three.
Depending on the needs, the easiest approach is to implement the getOrRenewAccessToken() function. This function will update the access_token before returning it to the caller if needed.
The above will work in most situations except where applications use a token's validity to decide if a user's session within the application is still valid. In these cases, Active Renew might be a better option. If the timer-based solution provided by the SDK does not meet the application's needs, the application could either implement its Web Worker approach and renew the tokens through the SDK API or rely on an event-based system such as the Page Visibility API.
