ID/Access Token and Okta Session

rohitj · April 8, 2020, 4:22pm

We are a customer of Okta API Access management. I am putting a proposal for how tokens need to be handled.

A question came up -
Do ID/Access Token automatically expire when Okta session expires?

Example:

ID token expiration in 2 hours
Access token expiration in 2 hours
Okta session expires in 1 hour.

Will Okta’s /introspect end-point return TRUE for 2 hours - past Okta’s session?

Thanks,
Rohit

rohitj · April 8, 2020, 9:08pm

Based on my test -

ID token expiration is independent of Okta Session expiration.
Access token expires based on the expiration time.

I was looking into it from the context of documenting bad practices and risks.

system · January 23, 2024, 11:08pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Access Token vs Session Expire Time Questions	3	5413	February 12, 2024
Does Access Token Expiration in OIDC Integration effect the User session of SSO APP OAuth/OIDC	2	2137	February 15, 2024
Incorrect Exp timestamp in IdToken OAuth/OIDC	3	4067	January 8, 2020
Does Okta maintain log in session Questions	25	4261	February 12, 2024
Okta ideal state session expiration bug API api	6	2440	September 8, 2022