okta-auth-js

[Question] How to reliably test expired JWTs?

Open tomspeak opened this issue 3 years ago • 2 comments

Describe the feature request?

I am experiencing an issue where the JWT is expiring in the background, and a new token is not being requested. This appears to be related to when a user goes inactive or keeps the tab in the background, comes back an hour+ later and attempts to interact with the web app.

I am trying to reliably reproduce this but am struggling to set up my local dev to allow me to generate short-lived tokens that I can quickly expire so I can reproduce the issue on demand.

I am using the OIDC flow with React, if that changes anything.

New or Affected Resource(s)

N/A

Provide a documentation link

No response

Additional Information?

No response

tomspeak, Jun 08 '22 17:06

Without a code snippet or more info on how your application has implemented Okta, I can only provide general guidance.

This method will verify idTokens: https://github.com/okta/okta-auth-js#tokenverifyidtokenobject

If you're trying to handle token expired events manually, I suggest starting here: https://github.com/okta/okta-auth-js#tokenmanageronevent-callback-context

okta-auth-js also offers a "service mode" where the OktaClient will handle certain scenarios in the background. Token auto-renew is one of these services. This service is enabled by default assuming `await oktaAuth.start()` is called inside your application. (NOTE: downstream SDKs like okta-react call `.start` on your behalf.) More info on services: https://github.com/okta/okta-auth-js#running-as-a-service https://github.com/okta/okta-auth-js#services

Hope this helps

jaredperreault-okta, Jun 08 '22 18:06

@tomspeak We are also experiencing that behavior on 6.7. Despite the docs claiming that auto-renew is enabled and active mode is enabled, it does not appear to be working reliably and only refreshes the token after providing a few expired tokens. We can verify this as certain requests retry on 401s and we can see the token being renewed after a couple seconds.

One thing working locally is to explicitly set this in the config:

        tokenManager: {
          autoRenew: true,
        },
        services: {
          autoRenew: true,
        },

I'm guessing this is related to the following issue: https://github.com/okta/okta-auth-js/issues/718. It's pretty awful how many regressions there are in even minor releases.

estormfield, Jul 08 '22 10:07
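
One way to reproduce token expiry on demand without waiting an hour, as an added example that is not part of this thread and is not okta-auth-js code: inject the clock, and check `exp` at the moment of use so the check does not depend on a background timer having fired. `TokenHolder`, `readExp`, `makeTestJwt` and the `renew` callback are hypothetical names, and Node's `Buffer` is assumed for base64 handling.

```javascript
// Added example, not okta-auth-js code; all names are hypothetical.

// Read `exp` (seconds since epoch) without verifying the signature: fine for
// deciding when to renew, never for an authorization decision.
function readExp(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const claims = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (typeof claims.exp !== 'number') throw new Error('missing exp claim');
  return claims.exp;
}

// Constructed fixture: a token with a chosen `exp` and a placeholder signature.
function makeTestJwt(expSeconds) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }),
    enc({ sub: 'test-user', exp: expSeconds }), 'c2ln'].join('.');
}

// Checks expiry when a token is requested, so a token that expired while the
// tab sat in the background is renewed before it is sent.
class TokenHolder {
  constructor({ renew, now = () => Date.now(), leewaySeconds = 30 }) {
    this.renew = renew;          // async () => fresh JWT string
    this.now = now;              // injectable clock (milliseconds)
    this.leeway = leewaySeconds; // renew slightly before the real expiry
    this.token = null;
    this.pending = null;
  }

  isExpired() {
    if (!this.token) return true;
    return readExp(this.token) - this.leeway <= this.now() / 1000;
  }

  async getToken() {
    if (!this.isExpired()) return this.token;
    // Share one in-flight renewal between concurrent callers.
    if (!this.pending) {
      this.pending = this.renew().finally(() => { this.pending = null; });
    }
    this.token = await this.pending;
    return this.token;
  }
}
```

In a test, pass a `now` function backed by a variable and advance it past `exp` to exercise the expired path immediately.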