Error refresh token is expired or invalid - okta


I’m getting an error message “Refresh token is expired” when the refresh token expires, instead of being redirected to the authentication page.

For information, I have a Vue SPA with okta-vue 3.0 and okta-auth-js 4.9.2.

I saw in this issue [PKCE SPA] Expired refresh token in local storage results in an inconsistent application state · Issue #738 · okta/okta-auth-js · GitHub that the problem was fixed in version 5.2.0.

The problem is that I can’t upgrade my version to okta-auth-js 5.2.0 because I get peer dependency errors when I install it.
It seems that okta-vue version 4 is not compatible with Vue2 either, only Vue3.

Do you have a solution? should i use okta-auth-js 4.7.2 instead of 4.9.2?

Thanks for your reply.

No one to help me? :sob:

Hmm… you could try using the tokenManager.on(‘expired’, …) event to see if it can catch the token expiring so you can manually trigger a tokenManager.clear() to get them out of storage and potentially run authStateManager.updateAuthState() to try to trigger the application to recognise that the user is not authenticated

Hello Andrea,

Knowing that the expiration date of the access token and the refresh token are the same in the tokenManager (The expiresAt of the refresh token does not represent reality) so if the access token expires, it will clean the tokenStorage and there will be a redirect to the authentication page, instead of cleaning the tokenStorage when the refresh is really expired.
I tried to make an API call to /introspect, but the refresh token value is changing in the localStorage when there’s a refresh

Maybe I’m wrong

Hello Andrea, I used a bit of my method and yours. After the clear(), I call updateAuthState(), but isAuthenticated remains true, instead of false, so I’m not logged out.
Any idea?