Hi team,
I have implemented Okta authentication using the PKCE flow in my Angular project and I have two issues now.
1.) I have enabled the refresh token in the Okta admin app settings, and offline_access is added to the scopes. I could see the refreshToken in my localStorage under the key “Okta-token-manager”.
Even after doing all this, the user is getting signed out after 1 hour of inactivity/idle. And in tokenManager.on('error') I got the error “refresh-token-is-expired-or-invalid”.
So what might be the reason for this issue, and how do I handle it?
Note: The above error is not frequent, but I could see it very rarely.
2.) For every API request, we are validating the token once every hour. I got an unauthorized error from my backend API because the expired bearer token is being passed in the request headers. So even after enabling the refresh token feature, why am I not getting a new accessToken? And I don’t capture any error during this time.
Version we are using: @okta-auth-js ^6.6.2
Angular v12
Hi, Thanks for the response.
I’m currently calling oktaAuth.start() when listening to the tokenManager.on('expired') event, and I’m successfully obtaining a new token. Is this considered good practice?
Additionally, I have a question about the configuration. Should we set **autoRemove** to false when using the refresh token? I came across a discussion on a GitHub forum where someone suggested this approach. Providing screenshot and link for reference.