I'm pretty new to Okta and, hope you forgive me, but I'm having trouble wrapping my head around the way users sign-on and the way tokens are refreshed and I was hoping you could help me?

So, I've managed to set up Okta logon in a Nextjs/React app and we have Okta set up fine. Occasionally, we get a problem where, if you log into the application after a while, the login fails on the callback with an "invalid_grant". It feels like this only happens when the user has to re-enter their details after a certain time, as if the user has been logged off externally outside of the app. This doesn't happen if I logout and log back in.

I'm assuming there's probably some weird state that's been left lying around that's polluting the Okta libraries. We're using a pretty default non-special setup of the `okta-react` library.

I'm trying to diagnose the problem. I know there are id and access tokens that are held by the app when everything is good. I can get the access token cycling on a period of 5 minutes, and I can see the renew event happening. I can also see the id token is on an hourly refresh, with seemingly no options to change that.

The bit that confuses me is how the application knows that enough time has passed that I need to log in again and be redirected back to Okta. As far as I can see, I as long as I call `tokenManager.get(<token_name>)` it'll refresh indefinitely. It kinda implies any stuff polluting my scope should just refresh nicely and leave me be.

I have no idea how to simulate the timeout for testing and if there are options in the admin panel to view those who are signed in and to trigger the same behaviour again, then I'm missing it.

I'm clearly missing something and any help with what the thing I'm missing would be very appreciated.