Using renewTokens results in an expired token after some time

Questions OAuth/OIDC
1

Hi, team. I’m currently using okta auth release 5.1.1 in one of our app. For some reasons after some moment, when I call renew tokens I always get expired one. Attaching some screenshot to show current scopes in the project.

Here is some code snippet showing the usage:
Initializing oktaAuth:

  const oktaAuth: OktaAuth = useMemo(
    () =>
      new OktaAuth({
        clientId,
        issuer,
        redirectUri,
        scopes: ['openid', 'profile', 'email'],
        pkce: true,
      }),
    [clientId, issuer, redirectUri],

  const securityContext: SecurityContext = {
    authState,
    authClient: {
      signInWithRedirect: (options?: SignInOptions): Promise<void> =>
        oktaAuth.signInWithRedirect(options),
      signOut: (): Promise<boolean> => {
        console.log('called signout');
        return oktaAuth.signOut();
      },
      isAuthenticated: () => {
        console.log('called isAuthenticated');
        return oktaAuth.isAuthenticated();
      },
      getAccessToken: () => {
        console.log('called getAccessToken');
        console.log({
          accessToken: authState?.accessToken?.accessToken,
          oneLevelUp: authState?.accessToken,
        });
        return authState?.accessToken?.accessToken;
      },
      renewTokens: (): Promise<Tokens> => {
        console.log('called renewTokens');
        return oktaAuth.token.renewTokens();
      },
      setTokens: (token: Tokens) => {
        console.log('called setTokens');
        oktaAuth.tokenManager.setTokens(token);
      },
    },
    capabilities: capabilitiesContext,
  };

Config options

  const options = {
    oktaConfig: {
      clientId: process.env.OKTA_CLIENT_ID || '',
      issuer: process.env.OKTA_ISSUER || '',
      redirectUri: `${window.location.origin}/okta/callback`,
      restoreOriginalUri,
    },
    capabilitiesConfig: {
      enabled: false,
    },
  };

We are using setTokens and renewTokens in some SSE event and that too when the connection fails, after some moment I get a token which has expiresAt and currentTime to only having a difference of 1 second. Am I missing something in renewTokens?

2

Few observations that I noted while monitoring my app:

  1. After sometime when the SSE connection error happens, our app emits one Okta error: The client specified not to prompt, but the user is not logged in.
  2. There is another type of issue which comes with SSE connection error and that too very sporadically. Error: Okta error: OAuth flow timed out
3

I was able to add offline_access to the scope but that also haven’t solved the problem and i’m still facing the same issue of app getting refresh again and again because of the calls happening to fetch token. My configurations looks like this right now:

  const oktaAuth: OktaAuth = useMemo(
    () =>
      new OktaAuth({
        clientId,
        issuer,
        redirectUri,
        scopes: ['openid', 'profile', 'email', 'offline_access'],
        pkce: true,
        tokenManager: {
          autoRenew: true,
          autoRemove: true,
        },
      }),
    [clientId, issuer, redirectUri],
  );
4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.