Some users are getting intermittently logged out

Hello,
I’m using a typical PKCE hosted login setup initialized once at the top of the app with the following:

@okta/okta-auth-js: "5.8.0"
@okta/okta-react: "6.1.0"

import { OktaAuth, toRelativeUrl } from '@okta/okta-auth-js';

const okta = new OktaAuth({
  issuer: REACT_APP_ISSUER,
  clientId: REACT_APP_CLIENT_ID,
  redirectUri: window.location.origin + '/login/callback',
  pkce: true,
  tokenManager: {
    autoRenew: true
  }
});

// Called by okta-react after the login callback to return the user to the page they came from.
const restoreOriginalUri = async (_oktaAuth, originalUri) => {
  history.replace(toRelativeUrl(originalUri || '/', window.location.origin));
};

For the most part we have had no issues; however, after deploying to several environments, some users are complaining about being intermittently logged out. I use the application daily and cannot reproduce the issue. To rule out typical session expiration, I set the sign-in policy to over 8 hrs and was able to go an entire day without hitting an expiration break point, as expected. At this point, I use so little of the API surface that I am just learning what issues might be possible. I did convince one of the users to record an HTTP archive file, and it shows a request to the login URI made in the middle of a page that just has normal application logic.
There are support tickets in the past that exhibit some of the characteristics, but they could be outdated.

Without having gone through the component source code yet, is it possible that signInWithRedirect() is getting triggered by some error?

What is the best way to log Okta-related events that might uncover this problem?

Is it possible with some custom hook to block the normal signout workflow with a guard so that it's not triggered automatically?

Hello,

If the session that is set to 8 hours is the Okta Session, by default this is not how the okta-auth-js SDK decides if a session is still valid. By default a session is still valid if both an id and access token are present and neither has expired.

If your application is using refresh tokens and the id_token has expired along with the refresh token, you will need to authenticate again. There are a number of different ways to set this up. If the link above does not give enough information or solve the issue, I suggest opening a support case so you can provide the .har file along with all the Okta SDK related config/code.
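
One way to capture the token events asked about in this thread, as an added example (not code from either poster or from Okta): it hooks okta-auth-js's tokenManager.on(...) events and authStateManager.subscribe(...) and records token lifetimes and presence rather than token values. The names attachAuthDiagnostics, makeStubAuth and demo are hypothetical, and the stub and the event sequence are constructed so the block runs offline.

```javascript
// Added example: record token lifecycle events without ever logging token values.
function attachAuthDiagnostics(oktaAuth, sink = console.info, now = () => Date.now()) {
  const log = [];
  const record = (event, detail) => {
    const entry = { at: new Date(now()).toISOString(), event, ...detail };
    log.push(entry);
    sink('[auth-diag]', JSON.stringify(entry));
  };
  // token.expiresAt is in epoch seconds; a negative TTL means already expired.
  const ttl = (token) =>
    token && typeof token.expiresAt === 'number' ? token.expiresAt - Math.floor(now() / 1000) : null;
  for (const name of ['added', 'renewed', 'expired', 'removed']) {
    oktaAuth.tokenManager.on(name, (key, token) => record(name, { key, ttlSeconds: ttl(token) }));
  }
  oktaAuth.tokenManager.on('error', (err) =>
    record('error', { name: err.name, errorCode: err.errorCode, message: err.message }));
  // Auth state follows the rule from the reply: both tokens present and unexpired.
  oktaAuth.authStateManager.subscribe((s) =>
    record('authState', {
      isAuthenticated: s.isAuthenticated,
      hasIdToken: Boolean(s.idToken), hasAccessToken: Boolean(s.accessToken),
      error: s.error ? s.error.message : null,
    }));
  return log;
}

// Constructed stand-in for an OktaAuth instance (assumption: only the two hooks used above).
function makeStubAuth() {
  const handlers = {}, subscribers = [];
  return {
    tokenManager: {
      on: (name, fn) => { (handlers[name] = handlers[name] || []).push(fn); },
      emit: (name, ...args) => (handlers[name] || []).forEach((fn) => fn(...args)),
    },
    authStateManager: {
      subscribe: (fn) => subscribers.push(fn),
      publish: (state) => subscribers.forEach((fn) => fn(state)),
    },
  };
}
// Constructed sequence: access token expires, renewal fails, auth state flips to false.
function demo() {
  const stub = makeStubAuth();
  const log = attachAuthDiagnostics(stub, () => {}, () => 1700000000000);
  stub.tokenManager.emit('expired', 'accessToken', { expiresAt: 1699999990 });
  stub.tokenManager.emit('error', { name: 'OAuthError', errorCode: 'login_required', message: 'constructed' });
  stub.authStateManager.publish({ isAuthenticated: false, idToken: { expiresAt: 1700003600 } });
  return log;
}
```

In the application, the same function would be called once with the real OktaAuth instance right after it is constructed, with the sink pointed at whatever client-side logging the team already ships.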