Hey all. It’s the first time I am working with both Okta and refresh tokens. At the moment I am trying to implement a solution using refresh tokens for a client-side application, and I am using the Okta JavaScript SDK. I found that the token.renewTokens method seems to do what I need (it makes a POST call to the /token endpoint and provides me with a new set of tokens: id_token, access_token and refresh_token in my case). My problem comes when I am trying to test some corner cases, more specifically the following:
While I am authenticated with Okta, I decide to terminate my session on the sso_server. Then I proceed to perform the POST request to /token via the token.renewTokens method. My expectation would be that this should result in an error, but actually the call is successful and I receive a new set of tokens. I am sure my session is terminated, as calling oktaAuth.session.exists() returns false after I have terminated my session (but always returns true while my session is active).
Hope someone here can help me.