Refresh social token fetched from ListSocialAuthTokens

Hey,

I’m working on an API where we use Okta as the identity provider.
I also provide social login via a Microsoft IdP.

I have a client that needs to get hold of the social token in order to communicate directly with the Microsoft APIs.

I use the com.okta.sdk:okta-sdk-api library to fetch social tokens from Okta using the function ListSocialAuthTokens.

It returns a list of tokens that may have token type access token or refresh token.

I thought that Okta would provide a refreshed token once the social access token expired, but it turns out it does not.

Question: How am I supposed to get a valid social access token from Microsoft (or any other IdP) once the current one expires? I can’t find in the documentation how to use the refresh token, if that’s the solution.

Looks like we only store the Access token and the ID token issued by the external OIDC IdP. Internally, Okta also would not use a refresh token, as the only time the user’s session with their Identity Provider would matter to Okta is during the federated authentication to create their Okta session. Once their Okta session is created, that’s the only one that can be refreshed on the Okta side, so it sounds like what you’re hoping to do is not possible.