Does Access Token Expiration in OIDC Integration affect the User session of SSO APP?

Hi All,

Recently I integrated an OIDC application with OKTA for SSO. The token endpoint of OKTA says 1hr for access token expiry. I wanted to understand: once the user gets authenticated via OKTA and SSO is successful, does the access token expiry affect the app user session, that is, after 1hr will the user be challenged for authentication again?

Hi Vyalla,

The expiration of an access token in an OIDC integration does not directly affect the user session in the SSO application. The access token (with a 1hr lifespan in your case) is used to authenticate requests to the resource server for that period. However, its expiration doesn’t automatically log out the user from the SSO application or prompt for re-authentication.

If your application needs to make a request on behalf of the user after token expiration, you will need to acquire a new token. You can do this by using a refresh token without the user needing to authenticate again. Ultimately, whether the user needs to authenticate again after token expiration depends on your application’s approach for token renewal and session management.

2 Likes
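The split between app session and access token described in the answer, as an added example that is not part of the thread and not Okta's code. It assumes an 8-hour app session policy, a 30-second clock-skew margin, and a constructed stand-in for the token endpoint (`fake_token_endpoint`); the refresh request uses the standard OAuth 2.0 refresh grant parameters.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

@dataclass
class AppSession:
    session_expires_at: float     # app's own session lifetime (assumed policy: 8h)
    access_token: str
    token_expires_at: float       # login time + expires_in (3600s in the thread)
    refresh_token: Optional[str]  # None if the app was not issued one

def refresh_form(refresh_token: str) -> dict:
    # Refresh grant parameters from RFC 6749 section 6; client authentication omitted.
    return {"grant_type": "refresh_token", "refresh_token": refresh_token}

def get_access_token(s: AppSession, now: float,
                     token_endpoint: Callable[[dict], dict],
                     skew: float = 30) -> Tuple[str, Optional[str]]:
    """Return (status, token) for an API call made at time `now`."""
    if now >= s.session_expires_at:
        return ("session_expired", None)      # app session ended: log in again
    if now < s.token_expires_at - skew:
        return ("valid", s.access_token)      # token still usable
    if s.refresh_token is None:
        return ("redirect_to_idp", None)      # only a new authorization request helps
    resp = token_endpoint(refresh_form(s.refresh_token))
    if "error" in resp:                       # e.g. invalid_grant: revoked or expired
        s.refresh_token = None
        return ("redirect_to_idp", None)
    s.access_token = resp["access_token"]
    s.token_expires_at = now + resp["expires_in"]
    s.refresh_token = resp.get("refresh_token", s.refresh_token)  # rotation, if any
    return ("refreshed", s.access_token)

def fake_token_endpoint(form: dict) -> dict:
    # Constructed stand-in for the IdP token endpoint; accepts only "rt-1".
    if form != refresh_form("rt-1"):
        return {"error": "invalid_grant"}
    return {"access_token": "at-2", "token_type": "Bearer",
            "expires_in": 3600, "refresh_token": "rt-2"}

if __name__ == "__main__":
    s = AppSession(8 * 3600, "at-1", 3600, "rt-1")   # constructed values, login at t=0
    for t in (600, 3700, 7400, 8 * 3600):
        print(t, get_access_token(s, t, fake_token_endpoint))
```

On `redirect_to_idp` the app starts a new authorization request; whether the user sees a login prompt then depends on the identity provider's own session, not on the expired access token.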