Okta-auth-js autorenew with MFA

Are you requesting Refresh Tokens (with the offline_access scope)?

If not, autoRenew will attempt to get new tokens silently in an iframe with the getWithoutPrompt method, which involves setting the prompt parameter to none in the /authorize request made to Okta. This prevents Okta from being able to prompt the user for MFA.

From what I can tell, you could either:

  • request the offline_access scope so that refresh tokens are retrieved and used by autoRenew to keep users logged in, but they will not be prompted for MFA (at least as far as I’m aware) for as long as their Refresh Token is active
    • after the RT expires, you’re likely going to see the same login_required failure when the SDK relies on the Okta session and getWithoutPrompt method to keep the user logged in, as described above
  • set autoRenew to false and instead handle token renewals yourself, but you will need to use getWithRedirect to ensure that the app redirects back to Okta to log the user (that way, they can be challenged for MFA)
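As an added example (not code from this post or from Okta), here is one way to implement the second option: autoRenew is turned off, the configuration still requests offline_access, and a handler tries a refresh-token renewal first and falls back to getWithRedirect when Okta answers login_required so the user can be challenged for MFA. It assumes the @okta/okta-auth-js v5 API names noted in the comments, and the issuer, clientId and redirectUri values are placeholders.

```javascript
// Added example, not from the original post. Assumes the @okta/okta-auth-js
// v5+ API: tokenManager.on('expired'), tokenManager.getTokens(),
// tokenManager.setTokens(), token.renewTokens(), token.getWithRedirect(),
// and an OAuthError whose errorCode is 'login_required' when the silent
// prompt=none request fails.

// Options a caller would pass to `new OktaAuth(OKTA_CONFIG)`: offline_access
// makes the SDK request a Refresh Token; autoRenew:false hands renewal to us.
const OKTA_CONFIG = {
  issuer: 'https://example.okta.com/oauth2/default', // placeholder
  clientId: 'placeholder-client-id',                  // placeholder
  redirectUri: 'https://app.example.com/login/callback', // placeholder
  scopes: ['openid', 'profile', 'offline_access'],
  tokenManager: { autoRenew: false },
};

// Renewal strategy when a token expires:
//  1. If a Refresh Token is stored, renewTokens() uses it (no user prompt).
//  2. Without one, or once the RT itself has expired, the silent iframe
//     (prompt=none) yields login_required; fall back to a full redirect so
//     Okta can challenge the user for MFA.
// Returns a label for the path taken so callers can log it.
async function renewOrRedirect(authClient) {
  const { refreshToken } = await authClient.tokenManager.getTokens();
  try {
    const tokens = await authClient.token.renewTokens();
    authClient.tokenManager.setTokens(tokens);
    return refreshToken ? 'renewed-with-refresh-token' : 'renewed-silently';
  } catch (err) {
    if (err && err.errorCode === 'login_required') {
      // Interactive login (MFA possible); the browser navigates away.
      await authClient.token.getWithRedirect({ scopes: OKTA_CONFIG.scopes });
      return 'redirected-for-login';
    }
    throw err; // network or configuration errors are not swallowed
  }
}

// Wire the handler to the SDK's expiry event (fires when autoRenew is false).
function installRenewalHandler(authClient) {
  authClient.tokenManager.on('expired', () => {
    renewOrRedirect(authClient).catch((e) => console.error('renewal failed', e));
  });
}
```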