Can we force a full login using the okta SDK (re-auth)? Also, should we provide additional guidance to apps to enforce some sort of freshness for sensitive API operations?
Hello @erik ,
I am referring to Okta Auth JS SDK.
If you are doing a getWithRedirect() or getWithPopup() you can add the option of prompt=login.
authClient.token.getWithRedirect({ prompt: 'login' })