Is it possible to get Okta session token with OAuth flow

I can see how to get a session token and session cookie via the authn API.
But is it possible to get the same via the OAuth flow?

Currently, with the OAuth flow I can only get an access token.
Thanks

Hi @misha,

A session token is a one-time bearer token that provides proof of authentication.
If you have a session token, you can use it to obtain an OAuth access token, but the other way around is not possible.

Thank you,
Raj


Thank you for your reply @rajnadimpalli
What's the alternative? My app supports the OAuth flow and I need a session cookie.
Is there a way to get it without implementing webauthn?

I too have a situation where I need both a sessionToken and an accessToken. I can exchange the sessionToken for an accessToken, and that's fine for API requests. But related SSO web pages which use the sessionToken (/login/sessionCookieRedirect) work fine for the first couple of hours. Once the sessionToken expires, that's it. Is there any way to re-issue a sessionToken without a full MFA process again?

Be careful with mixing up the sessionToken with the session cookie that Okta will set when the sessionToken is exchanged. See this doc for the different options for exchanging a sessionToken for a full Okta session: Sessions | Okta Developer.

If the session cookie is expiring, it's because the user is not actively using Okta and having their session renewed automatically, even if they may be actively using the OIDC app for which they have an Access/ID Token. This is expected behavior, as the Okta session is only needed to initially log the user into the OIDC app, but the OIDC app itself is not dependent on the Okta session.

If you really want to look into keeping it alive anyway, you can either look to extend the user’s session via policy, Enforce a limited session lifetime for all policies | Okta, or you can try to refresh the session on their behalf. Note that this final option involves CORS requests to the Okta domain from your application and your mileage may vary with browsers that block third party cookies.
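The sessionToken-to-session-cookie exchange and the session-expiry check discussed in the replies above, as an added Python example that is not code from this thread or from Okta's own SDKs. The org URL, the allowed redirect hosts and the sample session object are assumptions; the `/login/sessionCookieRedirect` path and the `token`/`redirectUrl` parameters are the ones named in the thread and the linked Sessions doc.

```python
import json
from datetime import datetime, timedelta
from urllib.parse import urlencode, urlparse


class SessionTokenAlreadyUsed(Exception):
    """Raised when a one-time sessionToken is presented a second time."""


class OktaSessionBroker:
    """Tracks one-time sessionTokens and builds the cookie-exchange redirect.

    okta_org and allowed_redirect_hosts are assumptions for this example.
    """

    def __init__(self, okta_org, allowed_redirect_hosts):
        self.okta_org = okta_org.rstrip("/")
        self.allowed_redirect_hosts = set(allowed_redirect_hosts)
        self._used_tokens = set()

    def session_cookie_redirect_url(self, session_token, redirect_url):
        """Build the /login/sessionCookieRedirect URL that turns a sessionToken
        into an Okta session cookie. The token is one-time, so a second use of
        the same token is refused here before it ever reaches Okta."""
        if session_token in self._used_tokens:
            raise SessionTokenAlreadyUsed("sessionToken has already been exchanged")
        parsed = urlparse(redirect_url)
        # Only send the browser back to hosts the app owns, over TLS.
        if parsed.scheme != "https" or parsed.hostname not in self.allowed_redirect_hosts:
            raise ValueError("redirectUrl not allowed: %s" % redirect_url)
        self._used_tokens.add(session_token)
        query = urlencode({"token": session_token, "redirectUrl": redirect_url})
        return "%s/login/sessionCookieRedirect?%s" % (self.okta_org, query)


def _parse_utc(iso_z):
    """Parse an ISO 8601 timestamp with a trailing 'Z' into an aware datetime."""
    return datetime.fromisoformat(iso_z.replace("Z", "+00:00"))


def should_refresh(session_json, now_iso, margin_minutes=5):
    """True when the Okta session's expiresAt is within margin_minutes of now,
    i.e. the app should refresh the session (or re-authenticate) soon."""
    expires_at = _parse_utc(json.loads(session_json)["expiresAt"])
    return expires_at - _parse_utc(now_iso) <= timedelta(minutes=margin_minutes)


# Constructed sample in the shape of an Okta session object (not real data).
SAMPLE_SESSION = json.dumps(
    {"id": "101W_example", "status": "ACTIVE", "expiresAt": "2024-01-01T12:00:00.000Z"}
)
```

The refresh decision is a local check only; refreshing the session itself requires the cross-origin request to the Okta domain that the reply above warns about.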
