okta/okta-angular

token renewal works only with 2 mins set (expireEarlySeconds)

baljinder-inmarsat opened this issue · 4 comments

Hey Okta team,

I am trying to get the tokens to autorenew, but for some bizarre reason it only works if the tokenManager expireEarlySeconds config is less than 2 minutes.

e.g.

    tokenManager: {
      autoRenew: true,
      expireEarlySeconds: 720,
      storageKey: OKTA_TOKEN_KEY
    } as any

will throw error: OAuthError: The client specified not to prompt, but the user is not logged in.

    tokenManager: {
      autoRenew: true,
      expireEarlySeconds: 780,
      storageKey: OKTA_TOKEN_KEY
    } as any

will be successful.

Worth mentioning: this portal has just the one page with an error page and uses { useHash: true }.

The way the flow is when redirecting back from Okta:
app-routing.module.ts:

  {
    path: '',
    component: LayoutComponent,
    canActivate: [AuthGuardService, OktaAuthGuard],
    ...

auth-guard.service.ts: To parse from URL.

    if (this.oktaAuth.isLoginRedirect()) {
      // Return the promise so the guard resolves only after the tokens are parsed
      return this.oktaAuth.token
        .parseFromUrl()
        .then(tokens => {
          // manage tokens
          if (tokens.tokens) {
            this.oktaAuth.tokenManager.setTokens(tokens.tokens);
          }
          return true;
        })
        .catch(() => {
          return false;
        });
    } else {
      return true;
    }
  }

Hi @baljinder-inmarsat, thanks for reaching out.

A few questions to help with repro steps:

  • are you using PKCE-enabled flow?
  • is there a custom token lifetime policy set for access token?
  • are you using refresh tokens? (requires offline_access scope)
  • which SDK and Angular version are you using?

@oleksandrpravosudko-okta, thanks for the prompt reply.

are you using PKCE-enabled flow? yes
is there a custom token lifetime policy set for access token? Yes, Access Token lifetime 15 minutes
are you using refresh tokens? (requires offline_access scope) no
which SDK and Angular version you are using? "@okta/okta-angular": "^3.0.1" and Angular 9

Just to add, may help:
oauth2/xxxxx/v1/token
response:

    access_token: "#####"
    expires_in: 900
    id_token: "#####"
    scope: "openid"
    token_type: "Bearer"

Thanks @baljinder-inmarsat.
One more thing to confirm - does your Okta session lifetime exceed 2 minutes?

@oleksandrpravosudko-okta many thanks. There was a test session rule added.