Okta ideal state session expiration bug

i am facing an issue with okta session api refresh when the application is in ideal state for more than 4 hr
i have set the sign-on rule to expire after 15 days if session is in ideal state but still when i leave application for over 6hour (mostly at night around 8pm and then interacts with application next day in morning around 9am)

even though the life time is much greater my okta session some how expires
how can i debug it

your help is much appreciated.

thank you

What type of application is this, is it an OIDC app? Does the session expiration at all align with your configured token lifetimes? Custom authorization servers can have custom lifetimes, while the Org server has hard-coded lifetimes, see What is the lifetime of the JWT tokens | Okta Help Center)

yes it is OIDC and
session expiration time is 30 days
and token expiration is default ie. 60 min

what i am getting is that session is still active (checked it with oktaauth.session.exist()) but when i try to get token with token.getWithoutPrompt() then i am getting OAuthError: The client specified not to prompt, but the user is not logged in.
this issue occurs when user comes to app after leaving it overnight

Why not use a refresh token to keep the user logged into the OIDC app? That way the application session is no longer reliant on the Okta session lifetime.

Can you please guide me to the configuration for okta-authjs for fetching refresh tokens
and to use it for renewing accessToken


Ensure that the app you are using has Refresh Tokens enabled as an allowed “Grant type”, found under Application → General → General Settings

As long as you configure the app to request the offline_access scope, okta-auth-js will handle the token renewals for you (provided you have autoRenew enabled).

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.