How to refresh a token silently without redirect from SPA

scopecreep · August 13, 2020, 7:47pm

Hi-
I have a SPA that needs to get a new access token prior to it expiring. In a normal refresh token scenario, I would use the refresh token to acquire a new token a minute or two before the current one is set to expire (via XHR). This would happen in response to a TokenExpiring event.

Since Okta does not give refresh tokens to SPAs, how can I accomplish it? I cannot abruptly redirect the user to the /authorize endpoint then the TokenExpiring event it emitted.

Can the silentRefresh be done with an XHR call?

Thanks,
Greg

phi1ipp · August 16, 2020, 1:03am

If you are using okta-auth-js then https://github.com/okta/okta-auth-js#tokenmanageraddkey-token should help you. Only make sure that your token expiration time is less that Okta session lifetime.

scopecreep · August 19, 2020, 10:29pm

Thanks @phi1ipp. I used the silent refresh function of oidc-client and it works.

Hakim · May 21, 2021, 4:22pm

Hi @scopecreep, could you please tell me how did you use oidc-client within your SPA ?

system · February 8, 2024, 6:15pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Refresh token in implicit flow OIDC (SPA apps) OAuth/OIDC	10	10355	November 8, 2020
Token lifetimes and refreshing token without redirect in SPA Questions	7	6734	February 23, 2021
Refresh token workflow for Angular SPA OAuth/OIDC angular	3	197	August 18, 2024
Silent refresh in implicit flow (okta-signin-widget) Questions	5	4465	October 8, 2020
Do I need to manually refresh tokens in my SPA? Questions	8	11255	January 24, 2024

How to refresh a token silently without redirect from SPA

Related topics