Hello, new to Okta here and after much fighting with the documentation, I thought I’d ask for some support.
Quick overview of the app.
Laravel Backend (including user database) - Server
JS (Vue) front-end (not SPA) - Client
Mobile (react native) - Client
What I need to do is to have the users log in through Okta and ensure that the user is not logged out from Okta when calling for a resource from the server.
I have followed the Laravel Okta tutorial and have successfully implemented Socialite and the Okta driver for it so users can now log in through Okta, and I have also set up a redirect for the log out which also seems to work. The way I get the user is by matching the e-mail from the Okta user with a user from my database, then authenticating that user within Laravel.
My main question is what flow I need to take in order to verify that the user’s access token is not expired and, if it is, attempt to refresh it so that, as long as the user is logged in to Okta, they will be logged in to the app too.
This also needs to work for the REST API that the mobile client will consume. I have tried following the validate access tokens tutorial for PHP, but the okta/jwt-verifier package cannot be installed due to it having outdated dependencies that conflict with mine.
I guess I am not entirely clear on how verifying + refreshing works and how to ensure a user will not be allowed to access the resource on the back-end if they have been logged out or removed from Okta.
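The checks a resource server has to run on an Okta access token (signature against the key named by `kid` in the published JWKS, then issuer, audience and expiry) are the same whatever language the back-end is in. The example below is an added illustration and is not code from the original post, from Okta, or from the okta/jwt-verifier package; it is written in Go with only the standard library so it runs offline without any dependency conflicts. The key pair, the `kid-1` key id, the issuer URL, the audience `api://default`, the subject and the "current time" are all constructed for the example, and `Mint` stands in for the authorization server only so that tokens can be produced locally. In production the key set is fetched from the issuer's `jwks_uri` and cached, and a Laravel middleware would run the same `Verify` logic before every protected route.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims a resource server must check. Okta access tokens carry more
// (scp, cid, uid, ...), but these decide whether the token is accepted.
// Note: per RFC 7519 "aud" may also be an array; this example assumes a
// single string, which is what a default Okta authorization server issues.
type Claims struct {
	Iss string `json:"iss"`
	Aud string `json:"aud"`
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
	Iat int64  `json:"iat"`
}

type header struct {
	Alg string `json:"alg"`
	Kid string `json:"kid"`
}

// KeySet stands in for the JSON Web Key Set published at the issuer's
// jwks_uri; in production it is fetched over HTTPS and cached.
type KeySet map[string]*rsa.PublicKey

// Verifier holds the values the resource server is configured to expect.
type Verifier struct {
	Keys     KeySet
	Issuer   string
	Audience string
	Now      func() time.Time // injectable clock so the example is deterministic
}

// ErrExpired is returned separately so a caller can decide to try the
// refresh-token grant instead of treating the request as an attack.
var ErrExpired = errors.New("token expired")

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// Verify checks the signature first (against the key named by kid), then
// issuer, audience and expiry. Claims are only trusted after the signature passes.
func (v Verifier) Verify(token string) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hb, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var h header
	if err := json.Unmarshal(hb, &h); err != nil {
		return nil, err
	}
	if h.Alg != "RS256" { // never let the token choose a weaker algorithm
		return nil, fmt.Errorf("unexpected alg %q", h.Alg)
	}
	pub, ok := v.Keys[h.Kid]
	if !ok {
		return nil, fmt.Errorf("unknown kid %q", h.Kid)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("bad signature")
	}
	pb, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var c Claims
	if err := json.Unmarshal(pb, &c); err != nil {
		return nil, err
	}
	if c.Iss != v.Issuer {
		return nil, fmt.Errorf("wrong issuer %q", c.Iss)
	}
	if c.Aud != v.Audience {
		return nil, fmt.Errorf("wrong audience %q", c.Aud)
	}
	if !v.Now().Before(time.Unix(c.Exp, 0)) {
		return nil, ErrExpired
	}
	return &c, nil
}

// Mint builds an RS256 token the way the authorization server would.
// It exists only so the example runs offline; a real back-end never signs tokens.
func Mint(priv *rsa.PrivateKey, kid string, c Claims) (string, error) {
	hb, _ := json.Marshal(header{Alg: "RS256", Kid: kid})
	pb, _ := json.Marshal(c)
	signing := b64(hb) + "." + b64(pb)
	digest := sha256.Sum256([]byte(signing))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signing + "." + b64(sig), nil
}

// Scenario runs the three cases a resource server meets most often: a current
// token, an expired token, and a token signed by a key the server does not trust.
// It returns the outcome of each case keyed by its name.
func Scenario() (map[string]string, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed issuer key
	if err != nil {
		return nil, err
	}
	rogue, err := rsa.GenerateKey(rand.Reader, 2048) // constructed untrusted key
	if err != nil {
		return nil, err
	}
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed "current time"
	v := Verifier{
		Keys:     KeySet{"kid-1": &priv.PublicKey},            // constructed kid
		Issuer:   "https://example.okta.com/oauth2/default", // placeholder issuer
		Audience: "api://default",
		Now:      func() time.Time { return now },
	}
	base := Claims{Iss: v.Issuer, Aud: v.Audience, Sub: "user@example.com", Iat: now.Unix()}
	cases := []struct {
		name string
		key  *rsa.PrivateKey
		exp  time.Time
	}{
		{"current", priv, now.Add(time.Hour)},
		{"expired", priv, now.Add(-time.Minute)},
		{"untrusted-key", rogue, now.Add(time.Hour)},
	}
	out := map[string]string{}
	for _, tc := range cases {
		c := base
		c.Exp = tc.exp.Unix()
		tok, err := Mint(tc.key, "kid-1", c)
		if err != nil {
			return nil, err
		}
		claims, err := v.Verify(tok)
		switch {
		case err == nil:
			out[tc.name] = "accepted:" + claims.Sub
		case errors.Is(err, ErrExpired):
			out[tc.name] = "expired" // the client may try the refresh grant and retry
		default:
			out[tc.name] = "rejected:" + err.Error()
		}
	}
	return out, nil
}

func main() {
	out, err := Scenario()
	if err != nil {
		panic(err)
	}
	for name, result := range out {
		fmt.Println(name, "=>", result)
	}
}
```

Two points the example makes visible. First, expiry is only one of the checks: a token that has not expired is still rejected if the signature, issuer or audience is wrong, and the signature must be checked before any claim is trusted. Second, a self-contained JWT passes all of these checks until `exp` even after the user has been signed out of or deactivated in Okta, because nothing in the token changes. That is why the answer to "not allowed once removed from Okta" is operational rather than cryptographic: keep access-token lifetimes short, let clients obtain a new one with the refresh-token grant (which the authorization server refuses for a deactivated user), and for the few endpoints that must know immediately, call the authorization server's token introspection endpoint instead of relying on local validation alone.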