VitalyB.73043 (Customer) asked a question.
How is "@okta/okta-react" is able to log me in with an expired access token?
Hi,
I am using @okta/okta-react to login, in the following manner:
export const Home = withAuth(({auth}: {auth: any}) => {
const authCheck = await auth.isAuthenticated();
}
Without a valid authentication, I get false, as expected. Once I login and get a valid accessToken and idToken and run the function, I get true, as expected again.
However, even when the access token expires (e.g 3 hours), Okta is still somehow able to log me in and isAuthenticated returns true. I am using implicit grant type, so I don't have a refresh token. How is okta able to log me in? What information is then used to allow me to log in and what is the expiry of this extend token mechanism?
Good question. Can anyone help Vitaly out?
Hi Vitaly,
In regards to your question we would really need to confirm the setup and configuration you have to really give a proper diagnosis / response. My main question would be how you are validating that your token is expired for the implicit grant type. I would recommend opening up a support case to fully understand this issue and get a proper understanding of the flow.
This documentation here, which you may already have, could possibly shed some light.
https://github.com/okta/okta-oidc-js/tree/master/packages/okta-react
Thank you,
Brooks Johnson
Okta Support Engineer