Brett Ritter

@jamesking - Yes! We now have One Time Refresh Tokens available in Early Access. (https://developer.okta.com/docs/release-notes/#one-time-use-refresh-token-is-now-in-early-access-ea) These allow you to request a refresh token and okta-auth-js will use it to renew...

@bordecal - Thanks for the detailed report. Interesting. We moved away from the previous model because retrieving data shouldn't CHANGE that data - those side effects were causing any number...

@djfdev - Thanks for the report and solid explanation. Internal ref: OKTA-300072

@jberube - yes, the goal of that ticket is to rely on .well-known for endpoints unless specifically overridden, for all flows

@kyeotic - you aren't reading github wrong, but our bot interacts with github oddly. The code from the PR was merged: - you can see it on the list here:...

@kyeotic - I've left Okta so I'm afraid I can't be very helpful. But, looking at the linked PR: - As you say, you can't set the well-known endpoint, it...

@Mak2492 - Thanks for the report. Unfortunately we're unable to determine which SDK would be involved (if any) from your description. I recommend you reach out to our support team...

@jelhan - Thanks for the report. You have run afoul of the defaults, which says that a user is not "authenticated" without both an idToken and an accessToken. (see https://github.com/okta/okta-auth-js#authstatemanager...

( I spent several minutes trying to find a way to say "well that's not good" in a professional manner) I'll consult with the rest of the team to figure...

Internal ref: OKTA-352791