400 Bad Request Page - Only after the idtoken expires

Questions OAuth/OIDC
1

Hi,
I have a angular application using the latest Okta Angular SDK, 3.0.1.

I have decided to manually handle my tokens.
The logic I have is quite simple. After every 15 minutes I will renew the access code, store it in the localstorage, and after an hour when the idToken expires I will log them out.

// when idToken expires or clicking the logout button
let options: SignoutOptions = { postLogoutRedirectUri: environment.okta.postLogoutRedirectUri };

          if (!!token.token) {
            options = { ...options, idToken: token.token };
          }

this.oktaAuth.signOut(options);

However, when I tried to log back in after an hour I see the 400 Okta error page but I won’t see this if I logout within the hour.

Only happens after an hour when the idToken has expired, weird?.

FYI
are you using PKCE-enabled flow? yes
is there a custom token lifetime policy set for access token? Yes, Access Token lifetime 15 minutes.
are you using refresh tokens? no.
which SDK and Angular version you are using? “@okta/okta-angular”: “^3.0.1” and Angular 9.
using session? no, not my decision.

Much Appreciated.

2

do you have some more information about the exact request done? is the ID token cleared from storage after it expires and is not sent to /logout?

3

Right, looks like I completely misinterpreted on what happens.

Its got nothing to do with the code or the token id being expired.
It’s to do with leaving the Okta login page idle.

What was happening when I initially saw the “400 - Bad Request” page. I had not kept track on how long I had been logged out. So when I would come back to the screen I would notice I had logged out, which was my main goal, but not aware how long I had been logged out. However when I logged back in I saw the error page.

I’m guessing the threshold is 15 mins because the test I done was every 5 mins.

e.g.
staying on the login page for 5 mins and then login - worked
staying on the login page for 10 mins and then login - worked
staying on the login page for 15 mins and then login - 400 error

Worth mentioning, After seeing the 400 error page. I am able to go in to the application without re-entering my credentials again.
This does not feel right?? Seeing the 400 error page gave me the impression that my form, login, I submitted did NOT submit successfully but in the background I am because I can go to the application and use it without reentering my credentials.

@Fuzzard Thank you for time to reading this