This article explains an issue in which Okta Workflows does not initiate an automated refresh call when an access token expires. The system fails to trigger the /token call, which requires manual re-authorization of the connection to restore functionality. This behavior is observed when the client-side Application Programming Interface (API) returns a response other than 401.
- Okta Workflows
- Client Credentials Authentication
- Open Authorization (OAuth)
- Okta Classic Engine
- Okta Identity Engine (OIE)
The automated token renewal process in Okta Workflows is specifically triggered by a "401 Unauthorized" response from the client/vendor API. When the client/vendor API returns any response code other than 401 upon token expiration, the workflow engine does not recognize the response as a token refresh request.
For workflows using Client Credentials or OAuth, the client/vendor API must be configured to return the correct response code to support automated token management.
- Configure the client/vendor API to return a "401 Unauthorized" response when an access token expires.
- If the client/vendor API must continue to return any other response code, develop a custom flow within Okta Workflows to catch that error and manually trigger the refresh token call.
