User17066118826741891183 (Customer) asked a question.
OIN SSO Apps and offline_access or refresh tokens, how to handle long sessions?
Per the documentation (https://developer.okta.com/docs/guides/submit-app-prereq/main/#overview):
The offline_access scope isn't available because refresh tokens aren't supported for integrations published in the OIN.
I don't quite understand the logic there, but I'm willing to accept it. I just wonder how do we handle longer-lived sessions than 1 hour? If I can't use a refresh token on the backend then I'll have to send the user to okta for an oauth dance every hour, possibly disturbing their work. This sounds very sub-optimal to me. Is there an alternative to refresh tokens?
Hi @User17066118826741891183 (Customer) , Thank you for reaching out to the Okta Community!
This question is more appropriate for our dedicated Okta Developer Forum.
My advice would be to reach out devforum.okta.com to take advantage of their expertise.
While we'll do our best to answer all of your questions here, this medium is more inclined towards Okta core products and features (non-developer work).
In the meantime, I’m not sure if the following devforum post is relevant to your particular use case, but perhaps it can offer some additional insight:
https://devforum.okta.com/t/what-does-refresh-token-lifetime-do/15180
If your question pertains to a specific app integration that you currently want to add to the OIN, please contact our colleagues who handle this at oin@okta.com .
Regards.
--------------------------------
Subscribe Today: The Okta Community is on YouTube