i try to login using signInWithRedirect with idp (linkedin) and after sucess i get only accessId and tokenId but not sid(for session) below is the config
@karmjeet19! For automatic refresh tokens you need the following:
1. autoRenew: true - @okta/okta-auth-js - npm
2. You’ll need to enable refresh token rotation for your app on your Okta dashboard as noted here - Refresh access tokens | Okta Developer > Enable refresh token rotation.
3. Lastly, I see you have PKCE enabled so you’ll also need to list offline_access scope as well see - Refresh access tokens | Okta Developer > Example request for an authorization code and refresh token
As far as I understand, refresh token is not required when you are creating cookie with long lifetime right ? It will just reauthrnticate automatically
Hi @Lonli-Lokli! Yes, a refresh token is not required when creating a cookie as they are independent of each other - see similar discussions here - How will session expire time and refresh token lifetime work together? - #2 by andrea. Specifically, if a user’s session expires they will still have access to the application with the refresh token option enabled, so be sure to revoke the user’s tokens on logout.