The requirement is to validate the tokens locally in our .NET code, but we cannot achieve that currently, as my client’s production tenant does not have the oauth2/default, i.e. it is using the org auth server. So if we plan to migrate the application to the custom default auth server, then there is an issue with existing logged-in users: how can we keep them logged in?
For the time being we can validate the existing users from Okta, as tokens are short-lived, so we do not need to support this for a long time, but the token can be refreshed by the refresh token.
My question is: is there a way to provide users a new token from the custom default auth server when they request a new token with the refresh token, without asking them for the username and password again for the token (i.e. without logging them out)?
Or is there any other way to migrate existing logged-in users from an org auth server token to a custom auth server token?