Hi,
I am using OpenID with OAuth 2.0, with Angular as the front end and a .NET Core API as the back end.
When I leave my application idle for a few hours and then use it again, my API calls fail with an unauthorized error. When I refresh the page, everything works again. Why is Okta not refreshing the JWT token, or at least automatically reloading the page, if the access token is expired? Please help me resolve this issue.
It depends on your implementation actually. Okta refreshes the access token if properly configured.
Thanks for your response Philipp. Below is how I implemented it; please let me know what I am missing. Okta is not refreshing the token.
oktaConfig: {
  issuer: '',
  clientId: '',
  redirectUri: 'http://localhost:4200/login/callback',
  postLogoutRedirectUri: 'http://localhost:4200',
  scopes: ['openid', 'profile', 'email'],
  pkce: true,
  tokenManager: { storage: 'sessionStorage' }
}
--- app.module.ts ---
providers: [
  { provide: OKTA_CONFIG, useValue: environment.oktaConfig }
]
--- interceptor.ts ---
constructor(private oktaAuth: OktaAuthService) { }
const accessToken = this.oktaAuth.getAccessToken();
What page of your application are you on when the session expires? If you try to access a protected route or use a token in any way, does the refresh occur then?
Also, I recommend enabling refresh tokens in your app (under Grant Types) and adding the offline_access scope to your config. This way you're not dependent on the Okta session lifetime to refresh tokens for the user (which is also a potential complication).
Thanks for your reply Andrea.
After 1 hour, whenever my application makes an API call, I receive an unauthorized error due to token expiry.
I have added the scope offline_access to the list of scopes, but the session still expires.
scopes: ['openid', 'profile', 'email', 'offline_access'].
Refresh token is enabled in the app integration but implicit is not enabled; does this cause an issue? Please help me figure out what I am missing.
I am using Angular for my SPA.
My protected routes work fine after 1 hour, but the JWT token which I am passing to my API calls is getting unauthorized. I am using a .NET Core API at my back end; below is how I implemented it at the back end:
--- startup.cs ---
using Okta.AspNetCore;

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = OktaDefaults.ApiAuthenticationScheme;
    options.DefaultChallengeScheme = OktaDefaults.ApiAuthenticationScheme;
    options.DefaultSignInScheme = OktaDefaults.ApiAuthenticationScheme;
})
.AddOktaWebApi(new OktaWebApiOptions()
{
    OktaDomain = Configuration["Okta:OktaDomain"],
    AuthorizationServerId = Configuration["Okta:AuthorizationServerId"],
    Audience = Configuration["Okta:Audience"]
});
services.AddAuthorization();
Hello @andrea, did you ever find a resolution for this? I am having a similar issue, even with the offline access scope being added. The accessToken is not being refreshed automatically.
Are you using our SDKs?
@andrea Yes, we are using the refresh token option as well as offline_access in the scope. Our application is using module federated microfrontends in Angular. We cannot seem to get a new token after the expiry even though we are receiving a refresh token. I was thinking Okta would handle this on its own.
I didn’t see it mentioned, but does that mean you are using one of the packages Okta has for OIDC (either AuthJS or our dedicated Angular library), or are you using a third party library to handle the OIDC flow? If the latter, do you know if this library is able to handle token refreshes for you?
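Added example, not part of any post in this thread and not Okta's code: a framework-independent check that an HTTP interceptor like the one posted above could run before attaching the bearer token, so that a token which expired while the tab sat idle is renewed first instead of being sent and rejected with a 401. `tokenSource` and `renewAccessToken()` are hypothetical adapter names around whichever OIDC library is in use, and the sample token is constructed with a placeholder signature.

```javascript
// Added example. `tokenSource` is a hypothetical adapter around the SPA's OIDC
// library; renewAccessToken() is an assumed name, not a real SDK call.
const CLOCK_SKEW_SECONDS = 30;

// Read `exp` (seconds since epoch) from a JWT payload without verifying it.
// This is only a client-side freshness hint; the API still validates the token.
function jwtExpiry(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
    const claims = JSON.parse(atob(padded));
    return typeof claims.exp === 'number' ? claims.exp : null;
  } catch {
    return null; // malformed token: treat as unusable
  }
}

// Expired, unparseable, or within the skew window all count as expired.
function isExpired(jwt, nowSeconds) {
  const exp = jwtExpiry(jwt);
  return exp === null || exp - CLOCK_SKEW_SECONDS <= nowSeconds;
}

// Return a token that is still valid, renewing once if the stored one is stale.
async function freshAccessToken(tokenSource, nowSeconds = Math.floor(Date.now() / 1000)) {
  const stored = tokenSource.getAccessToken();
  if (stored && !isExpired(stored, nowSeconds)) return stored;
  const renewed = await tokenSource.renewAccessToken();
  if (!renewed || isExpired(renewed, nowSeconds)) {
    throw new Error('access token could not be renewed; user must sign in again');
  }
  return renewed;
}

// Constructed sample token (placeholder signature) for trying the functions above.
function sampleJwt(exp) {
  const enc = (obj) => btoa(JSON.stringify(obj))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc({ sub: 'constructed-user', exp })}.constructed-signature`;
}
```

In an interceptor, the value returned by `freshAccessToken(...)` would be awaited and placed in the `Authorization` header in place of a direct read of the stored token.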