<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
0D54z00007hYhSpCAKOkta Classic EngineAuthenticationAnswered2024-04-16T11:23:49.000Z2022-06-07T10:44:23.000Z2022-06-20T17:46:33.000Z

8yv0o (8yv0o) asked a question.

refresh token expires even though it has unlimited lifetime on the access policy

hello,

we have a test user we want to be able to send an authorized request.

until now, we used a const refresh token to get an access token.

since we moved to the passwordless mechanism, the refresh token expires after a short time even though it has an unlimited lifetime on the access policy.

any help will be appreciated


  • Hi @8yv0o (8yv0o)​ , Thank you for reaching out to the Okta Community!

     

    According to our docs, the Lifetime should be Unlimited by default, but it's expected for it to expire if unused for 7 days.  

    That being said, the Access Policies allow the use of multiple rules, so check that the rule you are expecting to apply has the Proper Priority in the list. The same applies to the Access Policies priority if you have more than one. (Okta Admin Dashboard Security API desired Authorization Server Access Policies)

    Pasted Graphic 

    Edit Rule 

    Hope it helps! 

    Expand Post
  • 8yv0o (8yv0o)

    Hi @Mihai Negoita - Okta (Okta, Inc.)​, thank you for your answer

    as you can see we have a single policy:

    Image is not available
    with unlimited lifetime for refresh token:

    Image is not available
    even though, when we use it few times as follows:

    Image is not available
    we are getting that error after few uses of the refresh token:

    Image is not available
     

    thank you, noam

    Expand Post
This question is closed.
Loading
refresh token expires even though it has unlimited lifetime on the access policy