We are a customer of Okta API Access management. I am putting a proposal for how tokens need to be handled.
A question came up -
Do ID/Access Token automatically expire when Okta session expires?
ID token expiration in 2 hours
Access token expiration in 2 hours
Okta session expires in 1 hour.
Will Okta’s /introspect end-point return TRUE for 2 hours - past Okta’s session?