Here’s a weird scenario that happens in my case.
Let’s say there are 2 accounts: xyz.domain.com and abc.domain.com. There are 2 different email IDs associated with these accounts, say a@email.com and b@email.com respectively.
If I log in to both these accounts using the respective email IDs in the same browser but in different tabs, a refresh token request seems to behave vaguely. So what really happens is this: xyz.domain.com was logged in first, followed by abc.domain.com. There is a silent refresh token fetch mechanism in the code that uses tokenManager.renew('accessToken') every 45 minutes. At the 45th minute of the refresh token fetch for xyz.domain.com, Okta returns the accessToken values of abc.domain.com and b@email.com. Because of this, the React SPA receives a 401 from the API, which then redirects to the login screen.
In the okta-js documentation, it is mentioned to use a different storageKey for the same app, and I’ve also made sure this storageKey is unique per domain. Yet the renewal of the accessToken seems to be different.
What am I doing wrong or is there a config that needs to be done?
PS: We use the same clientId and config, which are the same for both subdomains.
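As an added illustration (not code from the original post, and not part of Okta's SDK), the following models the two-tab scenario described above: each subdomain has its own storageKey, a periodic renewal hands back a token, and a guard compares the `sub` claim of the renewed token with the subject that tab logged in with. A renewal that belongs to the other account is refused before it is stored, so the SPA detects the cross-account renewal itself rather than learning about it through a 401 from the API. The hostnames, subjects, claim values and tokens are constructed sample data; the `storageKeyFor`, `login` and `applyRenewal` helpers are hypothetical names chosen for this example.

```javascript
// Added example, not code from the original post or from Okta's SDK.
// Models two tabs on two subdomains with separate tokenManager storageKeys and
// a renewal that may return a token for the other account. The guard checks
// the renewed token's `sub` claim against the subject that logged in here.
// All hostnames, subjects, claim values and tokens are constructed samples.

// Per-subdomain storage key, as the post describes (illustrative naming).
function storageKeyFor(hostname) {
  return `okta-token-storage-${hostname}`;
}

function base64UrlEncode(text) {
  return Buffer.from(text, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const pad = '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(b64 + pad, 'base64').toString('utf8');
}

// Builds an unsigned (alg "none") JWS-shaped token purely as sample input.
// Real Okta access tokens are RS256-signed and verified by the API, not here.
function makeSampleToken(claims) {
  const header = base64UrlEncode(JSON.stringify({ alg: 'none', typ: 'JWT' }));
  const payload = base64UrlEncode(JSON.stringify(claims));
  return `${header}.${payload}.`;
}

// Reads the payload only. This is a client-side consistency check, not
// signature verification, which remains the resource server's job.
function decodeClaims(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('token is not in JWS compact form');
  return JSON.parse(base64UrlDecode(parts[1]));
}

// In-memory stand-in for per-tab token storage, keyed by storageKey.
const tokenStore = new Map();

// Records who logged in on a subdomain and stores the initial token.
function login(hostname, accessToken) {
  const claims = decodeClaims(accessToken);
  tokenStore.set(storageKeyFor(hostname), { sub: claims.sub, accessToken });
  return claims.sub;
}

// Called with whatever the renewal returned; accepts it only if it belongs
// to the same subject that is logged in on this subdomain.
function applyRenewal(hostname, renewedAccessToken) {
  const key = storageKeyFor(hostname);
  const entry = tokenStore.get(key);
  if (!entry) return { accepted: false, reason: 'no session for this subdomain' };
  const claims = decodeClaims(renewedAccessToken);
  if (claims.sub !== entry.sub) {
    // Keep the old token and let the caller force a re-login; storing the
    // other account's token is what produces the 401 described in the post.
    return { accepted: false, reason: `renewed token is for ${claims.sub}, expected ${entry.sub}` };
  }
  tokenStore.set(key, { sub: entry.sub, accessToken: renewedAccessToken });
  return { accepted: true, reason: 'subject matches' };
}

// Constructed walk-through of the two-tab scenario.
const tokenA1 = makeSampleToken({ sub: 'a@email.com', cid: 'sample-client-id', exp: 1700000000 });
const tokenB1 = makeSampleToken({ sub: 'b@email.com', cid: 'sample-client-id', exp: 1700000000 });
const tokenB2 = makeSampleToken({ sub: 'b@email.com', cid: 'sample-client-id', exp: 1700002700 });
const tokenA2 = makeSampleToken({ sub: 'a@email.com', cid: 'sample-client-id', exp: 1700002700 });

login('xyz.domain.com', tokenA1);
login('abc.domain.com', tokenB1);

// The renewal for xyz.domain.com comes back as the abc.domain.com user: rejected.
const crossAccount = applyRenewal('xyz.domain.com', tokenB2);
// A renewal for the right subject is stored as usual.
const sameAccount = applyRenewal('xyz.domain.com', tokenA2);

console.log(crossAccount);
console.log(sameAccount);
```

The guard deliberately inspects only the claims: the SPA cannot verify an RS256 signature on its own, and it does not need to for this purpose, because the API still validates the token. What the check adds is an early, explicit signal in the client whenever a renewal comes back for a different subject than the one that tab logged in with.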