I’m having issues with refreshing tokens silently in my SPA with okta-auth-js.
First of all, I went through Okta’s options, and increase the lifetime of the different options to at least a day. (Access Token lifetime up to a day, Refresh Token permanent, session lifetime 7 days). Yet I am having feedback from users that they are disconnected at least 3-4 times a day. I don’t understand why that happens when the user should be good for at least a day when they log in with the given options.
Second, the autoRenew works, however it does a redirection to Okta and then back to our login page to finish the login process. This happens quickly and the user is redirected to the page they were when the renew started, however they will also lose their unsaved progress as it went through a redirection. Is there a way to change the method used when renewing the token such that it does a background call instead of getting with the redirection ?
I have read some documentation where it says that it’s not possible to have token refresh when using the authorization code PKCE flow. Does that mean it’s not possible to have silent refresh on an SPA with this flow?