Getting a fresh JWT on demand

We are using access type claims in Okta which are included in the JWT at login time. If, while a user is logged in, there are changes to the values of any of these claims, those changes are not reflected in the JWT until a new one is generated. Is there a way to force the regeneration of a JWT on demand rather than waiting for the JWT to expire or having to log out and then log in again?

If you have a valid Okta session, you can pass along a session token to get a new access token. This is also known as the API-based user sign-in flow. Note that this relies on third-party cookies.

Here’s the method in okta-auth-js: “GitHub - okta/okta-auth-js: The official js wrapper around Okta's auth API”
API: “OpenID Connect & OAuth 2.0 API | Okta Developer”

Alternatively, if you have a refresh token, you can get a new set of access tokens in exchange.

1 Like
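The refresh-token route mentioned in the answer above, sketched as an added example (not code from this thread or from Okta): it builds the standard OAuth 2.0 refresh grant for an Okta authorization server's `/v1/token` endpoint and diffs selected claims between the old and new access tokens. The issuer URL, client ID, default scope, the `access_type` claim name and all helper names are assumptions, and the sample tokens are constructed.

```javascript
// Added example. ISSUER and CLIENT_ID are placeholders, not values from the thread.
const ISSUER = "https://example.okta.com/oauth2/default";
const CLIENT_ID = "0oa-constructed-client-id";

// Build the POST for grant_type=refresh_token (RFC 6749 section 6).
// Assumes a public (SPA) client, so no client secret is sent.
function buildRefreshRequest(refreshToken, scope = "openid offline_access") {
  const body = new URLSearchParams({
    grant_type: "refresh_token", refresh_token: refreshToken, scope, client_id: CLIENT_ID,
  });
  return {
    url: `${ISSUER}/v1/token`,
    options: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded", Accept: "application/json" },
      body: body.toString(),
    },
  };
}

// Decode the payload segment only. This does NOT verify the signature, so use it
// for display or diffing, never for authorization decisions.
function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Names of the watched claims whose values differ between the two tokens.
function changedClaims(oldJwt, newJwt, names) {
  const a = decodeClaims(oldJwt), b = decodeClaims(newJwt);
  return names.filter((n) => JSON.stringify(a[n]) !== JSON.stringify(b[n]));
}

// Perform the exchange; fetchImpl is injectable so the call can be stubbed.
async function refreshAccessToken(refreshToken, fetchImpl = fetch) {
  const { url, options } = buildRefreshRequest(refreshToken);
  const res = await fetchImpl(url, options);
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
  return res.json(); // contains access_token and possibly a rotated refresh_token
}

// Constructed, unsigned sample token for the offline demonstration.
function fakeJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none" })}.${enc(claims)}.sig`;
}
```

If the response carries a new `refresh_token`, store it in place of the old one before the next exchange.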

Thanks. I will try and check that out.

We ended up getting code similar to that referred to in your post in GitHub. One problem we had to overcome was realizing that our version of “@okta/okta-angular” needed to be updated. We went from 2.2.0 to 3.1.0 and that got us going. We still have not made it through all of the needed changes caused by that upgrade - but we are getting there.

1 Like

This did end up working out for us.

2 Likes
