Hello,
I’ve setup an SPA application in OKTA and that does not give the option to retrieve Refresh token.
Is it possible to retrieve a refresh token using SPA applications? What would be the best approach to avoid redirecting the user to login in OKTA when the token gets expired?
Thanks,
Susana
I think you are asking a similar question as:
Thanks @tom, so /authorize with prompt=none before the token expires and that would refresh the token?
Yes, it does a very quick redirect to Okta and the app gets a new (fresh) access token. prompt=none ensures the user doesn’t see any login UI.
@nate.barbettini Thanks!
Hi @nate.barbettini. I am making a call to issuerEndpoint + ‘/v1/authorize?prompt=none’ including an existing access token in the authorization header. I am getting a CORS error even if I added my issuer and the domain where this SPA is running to trusted origins under Security > API. Any suggestions?
Thank you very much for help.
Did you find a solution to this @sart96?
If you are still facing this issue, could you capture the network traces as a har file along with the error from console and email developers@okta.com for further analysis ? Usually CORS error should not occur if the base url is added to the Trusted Origin (Security->API-> Trusted Origin) and CORS is enabled.
I am facing the same issue. Please help on this.
How to call & where to call & when to call ‘/v1/authorize?prompt=none
It depends if you are using refresh_token or not. If not, then you have to call /authorize while your Okta session is still active. If you use refresh_token call to /token any time refresh_token is still valid
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.