Request for Clarification on "expiresAt" in IdxTransaction object

Questions API
1

We are implementing a password-optional signup flow and are analyzing the response we receive. During this process, we call the following method:

OktaAuth.idx.register()

{5B08AC75-714E-4EFA-93AD-2FDF5F19A399}
{5B08AC75-714E-4EFA-93AD-2FDF5F19A399}644×413 90.1 KB

Upon resolving, we observe a property called expiresAt, which contains a datetime value roughly 5 minutes after the API call is completed. We would appreciate more details about this property, as we are noticing behavior.

Here’s a summary of the flow:

  • Call the SDK function OktaAuth.idx.register().
  • User kept idle for 5 minutes. ( no SDK functions were triggered )
  • After 5 minutes, call the proceed function to verify the OTP.
const inputValues = {
   "verificationCode": "197277"
};

const newTransaction = await oktaAuth.idx.proceed(inputValues);

We then received an API response with the message “The session has expired.” Does the expiresAt property play a role in this behavior? If so, could you provide more insight into how it works?

Note: we are using Angular and Okta Auth JS SDK

Many Thanks,
Anugrah

2

Hello Team,

It would be great if you could provide some updates on the query. Please let me know if you need any further information from me.

3

Hi,

I believe the 5 min timeline is coming from the lifetime of Email OTP. If the verification code is used after 5 mins the Session expired message is expected.

I would suggest against using rawIdxState, even though it contains additional info on the transaction state when using IDX flow. Since this is not a documented object, it’s functioning can be changed in future. You should ideally use the “Session Expired” Message in the UI and force the user to re-start the flow

4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.