It's been asked previously whether it is possible to extend or configure the expiration for the id token that an Okta authentication server generates:

• https://support.okta.com/help/s/question/0D50Z00008G7UgwSAF/how-to-change-id-tokens-lifetime
• https://support.okta.com/help/s/question/0D51Y00005lGBR2/is-it-possible-to-set-the-idtoken-lifetime-length

And Okta employees of dutifully regurgitated the documentation stating that it is hard coded to 1 hour (https://developer.okta.com/docs/reference/api/oidc/*token-lifetime). But nobody has bother to explain why it is like this?! Or how one is suppose to create a application using Okta for authentication that doesn't have either a completely abysmal user experience of forcing the user to re-authenticate every hour, or resort to some sort hack like ignore JWT expiration and checking the Issued At timestamp instead. If there is some documentation on how to get a refreshed id token without harassing my user that would be helpful, however that's kind of a crap solution since it's just making extra work for me when you ought to just be letting me configure Id Token expiration like I can configure Access Token expiration.