Here’s a weird scenario that happens in my case.
Let’s say there are 2 accounts:
abc.domain.com. There are 2 different email IDs associated with these accounts say
If I log in to both these accounts using the respective email IDs in the same browser but different tabs, a refresh token request seems to behave vaguely. So what really happens is, if xyz.domain.com was logged in first and followed by abc.domain.com. There is a silent refresh token fetch mechanism in the code that uses the tokenManager.renew('accessToken') every 45 minutes. At the 45th minute of refresh token fetch for xyz.domain.com, Okta returns the accessToken values of firstname.lastname@example.org. Because of this, the React SPA app receives a 401 from the API which then redirects to the login screen.
In the okta-js documentation, it is mentioned to use a different storageKey for the same app and I’ve also made sure this storageKey is unique per domain. Yet the renewal of accessToken seems to be different.
What am I doing wrong or is there a config that needs to be done?
PS: We use the same clientId and configs, which are the same for both subdomains.
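
One way to catch the mismatch described in the post before the API answers with a 401 is to compare the subject of the renewed token with the subject of the token the tab already holds. This is an added example, not code from the original post or from Okta; `renewForSameUser`, `SubjectMismatchError`, `makeFakeTokenManager` and the `user-abc`/`user-xyz` subjects are hypothetical, and the token manager is reduced to an assumed `get`/`renew`/`remove` surface with `claims.sub` on the token.

```javascript
// Added example. Assumed token-manager surface: get(key) and renew(key) resolve
// to a token object carrying claims.sub; remove(key) deletes the stored token.
class SubjectMismatchError extends Error {
  constructor(expected, actual) {
    super(`renewed token is for ${actual}, this tab signed in as ${expected}`);
    this.name = 'SubjectMismatchError';
  }
}

// Renew a token, but refuse it when it belongs to a different user than the
// token this tab already holds (hypothetical helper, not an SDK function).
async function renewForSameUser(tokenManager, key = 'accessToken') {
  const current = await tokenManager.get(key);
  const expectedSub = current && current.claims && current.claims.sub;
  if (!expectedSub) throw new Error(`no stored ${key} to compare against`);
  const renewed = await tokenManager.renew(key);
  const actualSub = renewed && renewed.claims && renewed.claims.sub;
  if (actualSub !== expectedSub) {
    await tokenManager.remove(key); // never send the foreign token to the API
    throw new SubjectMismatchError(expectedSub, actualSub);
  }
  return renewed;
}

// Constructed stand-in for the SDK: per-tab token storage, while renewals are
// answered for whichever user signed in last (demo assumption).
function makeFakeTokenManager(lastLogin, storedSub) {
  const store = { accessToken: { accessToken: 'constructed-1', claims: { sub: storedSub } } };
  return {
    store,
    get: async (key) => store[key],
    renew: async (key) =>
      (store[key] = { accessToken: 'constructed-2', claims: { sub: lastLogin.sub } }),
    remove: async (key) => { delete store[key]; },
  };
}

async function demo() {
  const lastLogin = { sub: 'user-abc' }; // abc tab signed in after the xyz tab
  const abcTab = makeFakeTokenManager(lastLogin, 'user-abc');
  const xyzTab = makeFakeTokenManager(lastLogin, 'user-xyz');
  const ok = await renewForSameUser(abcTab);
  let error = null;
  try { await renewForSameUser(xyzTab); } catch (e) { error = e; }
  return { okSub: ok.claims.sub, errorName: error && error.name,
           xyzStillStored: 'accessToken' in xyzTab.store };
}
demo().then((result) => console.log(result));
```

In an application the caller would treat `SubjectMismatchError` as a signal to send that tab back through login rather than retrying the renew.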