I have okta oidc setup and working with a dotnet core 2.1 mvc application. I am able to log a user in with Code flow. The user passes bearer tokens to the api for each call. If a call returns a 401, I want to try to refresh the token. I am able to call out to okta, and I get the refresh token just fine. I’m just not sure how I can “apply” the new info. I want to replace the access_token, refresh_token and update the cookie with the new info I received from the /token call. Since I just use .AddOpenIdConnect(o => …) in Startup.cs and dotnet core sets up the token for me once the user auth’s, I am not sure how to implement refresh token support.
Am I overthinking this one? Is the refresh flow already “built-in” like the code flow??? I have not actually tested a real expired token to see if it refreshes auto-magically…
I can’t find much info on the googles so I am posting here for help. Thanks for any!