Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refresh token is not working as expected #188

Open
VasantHugar opened this issue Apr 22, 2024 · 4 comments
Open

Refresh token is not working as expected #188

VasantHugar opened this issue Apr 22, 2024 · 4 comments
Labels
bug Something isn't working

Comments

@VasantHugar
Copy link

Describe the bug?

We are using OktaWebAuthenticationUI for Okta login into our iOS Swift app. When user signedIn on the app, we store the unique id of the token to fetch token based on unique id for later use

Store token and id

try Credential.store(token)
UserSettingsHelper.setObject(object: token.id, forKey: Constants.k_OktaTokenId) 

Fetch:

        if let tokenId = UserSettingsHelper.object(for: Constants.k_OktaTokenId) as? String {
            do {
                let credential = try Credential.with(id: tokenId)
                self.refreshIfNeeded(credential: credential)

                // this is used as an access_token for all our api calls
                let token = credential.token.accessToken
            } catch let error as NSError {
                print("Error: ", error.localizedDescription)
            }
        }
    }
 
func refreshIfNeeded(credential: Credential) {
        Task {
            do {
                try await credential.refreshIfNeeded()
            } catch {
               print("Error: \(error.localizedDescription) while calling refreshIfNeeded")
            }
        }
    }

Above code works well and good until it expires. token is not getting refresh after 6-7days(expired).

Question:

  • What is the best way to retrieve the token for later use?
  • How to refresh the token?
  • does okta generates new token with new id after refresh? if yes should we use new token id to fetch the token for later use.
  • Could you please share us sample project?

What is expected to happen?

  • We should be able to fetch token for later use
  • Refresh token should work with logout and login if expired

What is the actual behavior?

Refreshed token is not working even after calling refreshIfNeeded() func

Reproduction Steps?

Steps

  • Login into okta
  • Wait for 6 to 7days till it expires
  • Use the availble token to call an api.
  • Api should work

Additional Information?

No response

SDK Version(s)

pod 'OktaWebAuthenticationUI', '1.6.1'

Build Information

No response

@VasantHugar VasantHugar added the bug Something isn't working label Apr 22, 2024
@VasantHugar VasantHugar changed the title Access and token Refresh token is not working as expected Apr 22, 2024
@apoorv-trikha-ev
Copy link

Can someone please respond on the issue?

@apoorv-trikha-ev
Copy link

@mikenachbaur-okta ^^^^

@mikenachbaur-okta
Copy link
Contributor

Hello @apoorv-trikha-ev, my apologies for the late response.

The token should still remain in storage, and should be able to be loaded properly. After 6-7 days it's almost certain that the access token will have expired, so a refresh does seem necessary. It very well might be that the refresh token may have expired in the interim. If this happens, the user won't have any choice but to reauthenticate, unless the expiration time of the refresh token is extended.

Additionally though, I wonder if you've seen the Credential.default API, which seems like it might be a much simpler way to track the current user's credential. It is built with the idea of quickly fetching a credential when only one is used, without you having to manually track the ID in your own storage.

For example:

let credential = try Credential.store(try await WebAuthentication.shared?.signIn(from: view.window))
Credential.default = credential

You can refer to the Managing User Credentials documentation for more information on the options available to you.

@mikenachbaur-okta
Copy link
Contributor

@VasantHugar @apoorv-trikha-ev Have you managed to resolve this issue, or are you still experiencing problems with using the refresh token?

Alternatively, do you have any feedback on the SDK and its credential storage capabilities? Your application may be needing to use the SDK in ways we hadn't anticipated, so I'd like to see if there's anything we can do to simplify your development.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants