How to refresh a token silently without redirect from SPA

Hi-
I have a SPA that needs to get a new access token prior to it expiring. In a normal refresh token scenario, I would use the refresh token to acquire a new token a minute or two before the current one is set to expire (via XHR). This would happen in response to a TokenExpiring event.

Since Okta does not give refresh tokens to SPAs, how can I accomplish it? I cannot abruptly redirect the user to the /authorize endpoint when the TokenExpiring event is emitted.

Can the silentRefresh be done with an XHR call?

Thanks,
Greg

If you are using okta-auth-js then https://github.com/okta/okta-auth-js#tokenmanageraddkey-token should help you. Only make sure that your token expiration time is less than the Okta session lifetime.


Thanks @phi1ipp. I used the silent refresh function of oidc-client and it works.

Hi @scopecreep, could you please tell me how you used oidc-client within your SPA?
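The request and response handling behind a silent renew, as an added example that is not from any poster in this thread and is not oidc-client or okta-auth-js code. It uses the standard OIDC `prompt=none` parameter; the endpoint, client id, URLs and function names are constructed placeholders.

```javascript
// Added example; endpoint and all sample values are constructed placeholders.
const AUTHORIZE_ENDPOINT = "https://idp.example.com/authorize";

// URL for a hidden iframe. prompt=none makes the authorization server answer
// from the existing session cookie or return an error; it never shows a login page.
function buildSilentAuthorizeUrl({ clientId, redirectUri, scope, state }) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "token",
    scope,
    state,
    prompt: "none",
  }).toString();
  return url.toString();
}

// Milliseconds to wait before renewing, leadSeconds ahead of expiry (never negative).
function msUntilRenew(expiresAtSec, nowSec, leadSeconds = 60) {
  return Math.max(0, (expiresAtSec - leadSeconds - nowSec) * 1000);
}

// Interpret the URL the iframe was redirected back to.
function handleSilentCallback(callbackUrl, expectedState, nowSec) {
  const u = new URL(callbackUrl);
  const p = new URLSearchParams(u.hash.startsWith("#") ? u.hash.slice(1) : u.search);
  // Reject any response that does not echo the state generated for this request.
  if (p.get("state") !== expectedState) return { ok: false, reason: "state_mismatch" };
  // login_required means the session at the identity provider has ended,
  // so only an interactive login can produce a new token.
  const error = p.get("error");
  if (error) return { ok: false, reason: error, interactive: error === "login_required" };
  const accessToken = p.get("access_token");
  const expiresIn = Number(p.get("expires_in"));
  if (!accessToken || !Number.isFinite(expiresIn) || expiresIn <= 0) {
    return { ok: false, reason: "malformed_response" };
  }
  return { ok: true, accessToken, expiresAtSec: nowSec + expiresIn };
}
```

In the browser, the built URL becomes the `src` of a hidden iframe and the page at the redirect URI passes its own location back to the parent window. The `login_required` branch is why the token lifetime has to stay below the session lifetime: once the session is gone, the silent request can only fail.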
