Session Refresh

Hi,
I’am using silent refresh to improve long session user experience.
However silent refresh can not work if the global Okta session has ended.
So i’am trying at first to extend Okta session via POST on /api/v1/sessions/me/lifecycle/refresh from an Angular application.
After many test this strategy seems to be a dead despite the doc, am i wrong ?
First: I’m using Authorization code with PKCE : I discover that on this flow the last call to “Okta token api” erase in return sid cookie that can provide me okta_session_cookie → set-cookie sid=“”; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Second: On my angular app when i receive my access token if a call https:///api/v1/sessions/me i get a 404 → getting an access token should mean i have a valid session no ! .
Can you tell me if i can extend an Okta session from an angular app using Authorization code with PKCE ? (if yes how)

Regards

If you are on Okta Identity Engine, a number of the /Sessions API requests are no longer supported, so that might be what you’re running into: Understand how sessions work after the upgrade | Okta Developer

Have you at all looked into using Refresh Tokens instead to keep the user logged in? That way your application session is no longer dependent on the existence of the Okta session itself, and can simply use its own refresh tokens to keep user’s application session active.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.