The code below (using okta-auth-js) to renew an expired access token using a refresh token does not work.
It returns null.
I do not see any error in the Okta logs (from the admin ui).
My OktaAuth object (logged below) seems to be correct. tokenManager does contain correct refresh token as well.
I will appreciate any pointer about it. If there is a different sdk call that would be better to use,
that is fine too.
Thanks in advance.
CODE and LOGS
// Code snippet
const newToken = await myAuthClient?.getOrRenewAccessToken();
console.log(‘Tokens refreshed’, newToken);
// newToken returned is null
myAuthClient (OktaAuth object is logged below - with secrest replaced)
myAuthClient = {
options: {
devMode: false,
storageUtil: ServerStorage { nodeCache: [NodeCache], storage: [ServerCookies] },
storageManager: { token: [Object], cache: [Object], transaction: [Object] },
issuer: ‘https://MY_OKTA_DOMAIN/oauth2/default’,
httpRequestClient: [Function: fetchRequest],
pkce: true,
clientId: ‘MY_CLIENT_ID’,
redirectUri: ‘https://MY_OKTA_DOMAIN/oauth2/v1/authorize/callback’,
responseType: ‘code’,
scopes: [ ‘openid’, ‘email’, ‘offline_access’ ],
ignoreSignature: false,
dpop: false,
tokenManager: { autoRenew: true, autoRemove: true, syncStorage: true },
transactionManager: { enableSharedStorage: false },
clientSecret: ‘MY_CLIENT_SECRET’,
ignoreLifetime: false,
maxClockSkew: 3900,
services: { autoRenew: true, autoRemove: true, syncStorage: true },
flow: ‘authenticate’
},
emitter: {
e: {
added: [Array],
removed: [Array],
expired: [Array],
renewed: [Array]
}
},
features: {
getUserAgent: [Function: getUserAgent],
hasTextEncoder: [Function: hasTextEncoder],
isBrowser: [Function: isBrowser],
isDPoPSupported: [Function: isDPoPSupported],
isFingerprintSupported: [Function: isFingerprintSupported],
isHTTPS: [Function: isHTTPS],
isIE11OrLess: [Function: isIE11OrLess],
isIOS: [Function: isIOS],
isLocalhost: [Function: isLocalhost],
isPKCESupported: [Function: isPKCESupported],
isPopupPostMessageSupported: [Function: isPopupPostMessageSupported],
isSafari18: [Function: isSafari18],
isTokenVerifySupported: [Function: isTokenVerifySupported],
default: {
getUserAgent: [Function: getUserAgent],
hasTextEncoder: [Function: hasTextEncoder],
isBrowser: [Function: isBrowser],
isDPoPSupported: [Function: isDPoPSupported],
isFingerprintSupported: [Function: isFingerprintSupported],
isHTTPS: [Function: isHTTPS],
isIE11OrLess: [Function: isIE11OrLess],
isIOS: [Function: isIOS],
isLocalhost: [Function: isLocalhost],
isPKCESupported: [Function: isPKCESupported],
isPopupPostMessageSupported: [Function: isPopupPostMessageSupported],
isSafari18: [Function: isSafari18],
isTokenVerifySupported: [Function: isTokenVerifySupported]
}
},
storageManager: IdxStorageManager {
storageManagerOptions: { token: [Object], cache: [Object], transaction: [Object] },
cookieOptions: undefined,
storageUtil: ServerStorage { nodeCache: [NodeCache], storage: [ServerCookies] }
},
_oktaUserAgent: OktaUserAgent {
environments: [ ‘okta-auth-js/7.10.1’, ‘nodejs/18.18.1’ ]
},
http: { setRequestHeader: [Function: bound setRequestHeader] },
session: {
close: [Function: bound closeSession],
exists: [Function: bound sessionExists],
get: [Function: bound getSession],
refresh: [Function: bound refreshSession],
setCookieAndRedirect: [Function: bound setCookieAndRedirect]
},
transactionManager: IdxTransactionManager {
storageManager: IdxStorageManager {
storageManagerOptions: [Object],
cookieOptions: undefined,
storageUtil: [ServerStorage]
},
enableSharedStorage: false,
saveLastResponse: true,
options: { storageManager: [IdxStorageManager], enableSharedStorage: false }
},
pkce: {
DEFAULT_CODE_CHALLENGE_METHOD: ‘S256’,
generateVerifier: [Function: generateVerifier],
computeChallenge: [Function: computeChallenge]
},
_pending: { handleLogin: false },
_tokenQueue: PromiseQueue { queue: , running: false, options: { quiet: false } },
token: {
prepareTokenParams: [Function: bound prepareTokenParams] AsyncFunction,
exchangeCodeForTokens: [Function: bound exchangeCodeForTokens] AsyncFunction,
getWithoutPrompt: [Function: bound push],
getWithPopup: [Function: bound push],
getWithRedirect: [Function: bound push],
parseFromUrl: [Function: bound push] {
_getHistory: [Function: _getHistory],
_getLocation: [Function: _getLocation],
_getDocument: [Function: _getDocument]
},
decode: [Function: decodeToken],
revoke: [Function: bound push],
renew: [Function: bound push],
renewTokensWithRefresh: [Function: bound push],
renewTokens: [Function: bound push],
getUserInfo: [Function: getUserInfo],
verify: [Function: bound verifyToken] AsyncFunction,
isLoginRedirect: [Function: bound isLoginRedirect],
introspect: [Function: bound oidcIntrospect] AsyncFunction
},
tokenManager: TokenManager {
sdk: [Circular *1],
emitter: { e: [Object] },
options: {
autoRenew: true,
autoRemove: true,
syncStorage: true,
clearPendingRemoveTokens: true,
storage: undefined,
expireEarlySeconds: 30,
storageKey: ‘okta-token-storage’
},
storage: SavedObject {
storageName: ‘okta-token-storage’,
storageProvider: [CustomStorageProvider]
},
clock: SdkClock { localOffset: 0 },
state: { expireTimeouts: [Object], renewPromise: null }
},
endpoints: {
authorize: { enrollAuthenticator: [Function: bound enrollAuthenticator] }
},
authStateManager: AuthStateManager {
_sdk: [Circular *1],
_pending: { updateAuthStatePromise: null, canceledTimes: 0 },
_authState: {
accessToken: [Object],
idToken: [Object],
refreshToken: [Object],
isAuthenticated: true
},
_logOptions: { event: ‘added’, key: ‘refreshToken’, token: [Object] },
_prevAuthState: null,
_transformQueue: PromiseQueue { queue: , running: false, options: [Object] }
},
serviceManager: ServiceManager {
sdk: [Circular *1],
options: { autoRenew: true, autoRemove: true, syncStorage: true }
},
idx: {
interact: [Function: bound interact] AsyncFunction,
introspect: [Function: bound introspect] AsyncFunction,
makeIdxResponse: [Function: bound makeIdxState],
authenticate: [Function: bound authenticate] AsyncFunction,
register: [Function: bound register] AsyncFunction,
start: [Function: bound startTransaction] AsyncFunction,
startTransaction: [Function: bound startTransaction] AsyncFunction,
poll: [Function: bound poll] AsyncFunction,
proceed: [Function: bound proceed] AsyncFunction,
cancel: [Function: bound cancel] AsyncFunction,
recoverPassword: [Function: bound recoverPassword] AsyncFunction,
handleInteractionCodeRedirect: [Function: bound handleInteractionCodeRedirect] AsyncFunction,
isInteractionRequired: [Function: bound isInteractionRequired],
isInteractionRequiredError: [Function: isInteractionRequiredError],
handleEmailVerifyCallback: [Function: bound handleEmailVerifyCallback] AsyncFunction,
isEmailVerifyCallback: [Function: isEmailVerifyCallback],
parseEmailVerifyCallback: [Function: parseEmailVerifyCallback],
isEmailVerifyCallbackError: [Function: isEmailVerifyCallbackError],
getSavedTransactionMeta: [Function: bound getSavedTransactionMeta],
createTransactionMeta: [Function: bound createTransactionMeta] AsyncFunction,
getTransactionMeta: [Function: bound getTransactionMeta] AsyncFunction,
saveTransactionMeta: [Function: bound saveTransactionMeta],
clearTransactionMeta: [Function: bound clearTransactionMeta],
isTransactionMetaValid: [Function: isTransactionMetaValid],
setFlow: [Function: setFlow],
getFlow: [Function: getFlow],
canProceed: [Function: bound canProceed],
unlockAccount: [Function: bound unlockAccount] AsyncFunction
},
fingerprint: [Function: bound fingerprint],
myaccount: {
getProfile: [Function: bound getProfile] AsyncFunction,
getProfileSchema: [Function: bound getProfileSchema] AsyncFunction,
updateProfile: [Function: bound updateProfile] AsyncFunction,
addEmail: [Function: bound addEmail] AsyncFunction,
deleteEmail: [Function: bound deleteEmail] AsyncFunction,
getEmail: [Function: bound getEmail] AsyncFunction,
getEmailChallenge: [Function: bound getEmailChallenge] AsyncFunction,
getEmails: [Function: bound getEmails] AsyncFunction,
sendEmailChallenge: [Function: bound sendEmailChallenge] AsyncFunction,
verifyEmailChallenge: [Function: bound verifyEmailChallenge] AsyncFunction,
addPhone: [Function: bound addPhone] AsyncFunction,
deletePhone: [Function: bound deletePhone] AsyncFunction,
getPhone: [Function: bound getPhone] AsyncFunction,
getPhones: [Function: bound getPhones] AsyncFunction,
sendPhoneChallenge: [Function: bound sendPhoneChallenge] AsyncFunction,
verifyPhoneChallenge: [Function: bound verifyPhoneChallenge] AsyncFunction,
deletePassword: [Function: bound deletePassword] AsyncFunction,
enrollPassword: [Function: bound enrollPassword] AsyncFunction,
getPassword: [Function: bound getPassword] AsyncFunction,
updatePassword: [Function: bound updatePassword] AsyncFunction
},
tx: {
status: [Function: bound transactionStatus],
resume: [Function: resume],
exists: [Function: bound transactionExists],
introspect: [Function: introspect],
createTransaction: [Function: createTransaction],
postToTransaction: [Function: postToTransaction]
},
authn: {
status: [Function: bound transactionStatus],
resume: [Function: resume],
exists: [Function: bound transactionExists],
introspect: [Function: introspect],
createTransaction: [Function: createTransaction],
postToTransaction: [Function: postToTransaction]
}
}
// Log of returned value
Tokens refreshed null
New access token: null