OIN SSO Apps and offline_access or refresh tokens, how to handle long sessions?

Per the documentation (OIN submission requirements | Okta Developer):

The offline_access scope isn’t available because refresh tokens aren’t supported for integrations published in the OIN.

I don’t quite understand the logic there, but I’m willing to accept it. I just wonder how we handle sessions that live longer than 1 hour. If I can’t use a refresh token on the backend then I’ll have to send the user to Okta for an OAuth dance every hour, possibly disturbing their work. This sounds very sub-optimal to me. Is there an alternative to refresh tokens?

Related question: “Is it possible to refresh token in OIDC application published to OIN?”, but this was 3 years ago. I am hoping something changed, or that someone has an alternative to sending the user back to Okta once an hour to check account validity.

Hi, as of now OIN apps don’t support refresh tokens.

But we are always interested in feedback from our users about features they’d like to see added to the product. You can submit a feature request to Okta Ideas; more information about how to use Okta Ideas can be found here: Okta Help Center (Lightning).
Once ideas are submitted, other Okta admins will have the ability to vote on them to help our Product team prioritize requests. Additionally, you will be able to monitor the potential for future enhancements there.
