Something we started noticing in about the past month is when users try to deep link to a secured route, it seems that they can actually get through to the secured route without an active access or id token.
They have the okta-token-storage in local storage, however at this point the tokens are expired (from a previous session which they left or never manually logged out of). Shouldn’t the SecureRoute functionality check that its an active token and not expired before letting the user through? Is there a suggested workaround we should be implementing?
We’re utilizing the following libraries:
“@okta/okta-auth-js”: “^5.4.2”,
“@okta/okta-react”: “^6.1.0”,
“@okta/okta-signin-widget”: “5.10.1”,