rohitj
1
We are a customer of Okta API Access management. I am putting a proposal for how tokens need to be handled.
A question came up -
Do ID/Access Token automatically expire when Okta session expires?
Example:
ID token expiration in 2 hours
Access token expiration in 2 hours
Okta session expires in 1 hour.
Will Okta’s /introspect end-point return TRUE for 2 hours - past Okta’s session?
Thanks,
Rohit
rohitj
2
Based on my test -
ID token expiration is independent of Okta Session expiration.
Access token expires based on the expiration time.
I was looking into it from the context of documenting bad practices and risks.
system
Closed
3
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.