JwtParseError: Jwt is expired and isAuthenticated is always returning true

reactjs

#1

Hello, I have a SPA made with react which communicates with an express server. I followed this guide to get things to authenticate through Okta’s implicit flow, and for the most part it works well.

The problem comes after the JWT expires. At that point, I get the “Jwt is expired” error whenever my express server tries to verify the access token that the react app is sending. Unfortunately, the react app never tries to refresh the access token or get a new one. It always gets “true” from its this.props.auth.isAuthenticated() call.

I’m not sure how to remedy this situation yet, other than by clearing browser data manually. I haven’t found anyone quite asking about this topic, but I did see someone mention a “token manager” while talking about using a different flow. Perhaps that would be of use here? Or is there some function I haven’t found yet that needs to be called in the react app whenever the express server responds talking about an expired Jwt?


#2

For now I’ve fixed this by throwing the user to the login screen on okta.com when this happens, which instantly redirects them to the SPA with a new token. From what I could glean from looking at the code in the okta-react and okta-auth-js packages, there are likely better ways to do this, but I currently don’t have the time to fully delve into that.


#3

Hi @Peter, we have seen similar behavior with the vue.js library, we currently believe this might be an issue with the underlying library, since you reproduced in react. Thanks for pointing this out, the team may follow up with you if we need additional information


#4

@tom My pleasure. Ask me any time you need.