ManoharK.97029 (Customer) asked a question.
Single Sign On (SSO) expire refresh Token on password change.
We have implemented SSO with Open-ID Connect in our Mobile Application.
Once the user logged in with SSO and using the APP, If the user changes the OKTA password or if the password is Expired. How do we know at our Mobile Application level.
Even we tried to get a new Access Token, with Refresh Token, after the User changes the OKTA password.
Is there any why to expire Refresh Token, when the user changes OKTA account Password?
So that, we will ask user to authorize again.
Thank you
Currently, refresh tokens don't expire. We do have an Early Access feature that allows for refresh token rotation which is where the refresh token expires after a single use.