My team and I have a few questions around how to go about getting a new id_token from Okta. We have a specific use case where we need to use our existing Okta session to authenticate through the Amazon Cognito service. We are capable of making the first authentication through Cognito just fine using the Okta id_token. However, Cognito sessions expire after every hour and need to be refreshed by providing a new id_token. See the photo here of an example of how this is typically done through purely Cognito:
The code in the image indicates the ability to refresh Cognito using first the refresh_token to get an id_token. The id_token provides the session extension. For our Okta session, which lasts much longer than the Cognito session, we’ve been using the refresh_token approach to get a new access_token and then extending our sessions with that. Is there a way that Okta can provide a new id_token on request without disrupting the current user session? Or is the id_token unique to the session so it would require a new or refreshed session to get one?
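A sketch of the client-side half of the flow asked about, added here as an example; it is not code from the original post, Okta, or AWS. It reads the `exp` claim to decide when the id_token handed to Cognito is about to lapse and builds a standard OAuth 2.0 `refresh_token` grant body. The function names, the 300-second margin, the sample token, a public client sending `client_id` in the body, and the `openid offline_access` scopes are all assumptions.

```javascript
// Added example. All names are hypothetical; the sample token is constructed.

// Decode a JWT payload WITHOUT verifying it. This is only for reading exp
// locally to schedule a refresh; the relying party still checks the signature.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// True when the id_token expires within skewSeconds of nowSeconds.
function needsRefresh(idToken, nowSeconds, skewSeconds = 300) {
  const { exp } = decodeJwtPayload(idToken);
  if (typeof exp !== 'number') throw new Error('id_token has no numeric exp');
  return exp - nowSeconds <= skewSeconds;
}

// Form body for an OAuth 2.0 refresh_token grant (RFC 6749, section 6).
// Assumption: a public client, so client_id is sent in the body.
function buildRefreshBody(refreshToken, clientId) {
  return new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
    client_id: clientId,
    scope: 'openid offline_access',
  }).toString();
}

// OIDC Core section 12.2 lets a refresh response omit id_token, so the
// caller has to handle its absence instead of assuming one came back.
function idTokenFromResponse(resp) {
  return typeof resp.id_token === 'string' ? resp.id_token : null;
}

// Constructed, unsigned sample token for running the functions offline.
function makeSampleToken(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc({ sub: 'user-1', exp })}.sig`;
}
```

The body from `buildRefreshBody` is what gets POSTed to the authorization server's token endpoint, and a `null` from `idTokenFromResponse` means the Cognito credentials cannot be extended from that response.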