-
Notifications
You must be signed in to change notification settings - Fork 146
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Access token expiry not handled when using OAuth 2.0 #363
Comments
We have also experienced issues relating to token expiry when authenticating with a private key. As a work around, we call the
We would also like to know if there's a supported way of refreshing these tokens |
Thanks @haggrip! Tried something similar to this but I was missing the trick to clear the |
@lboynton Thank you for submitting this. We will review further internally; see comment here: #364 (comment) Internal Ref#: OKTA-641384 |
My team has struggled with this issue. The way we have remediated this is to examine the Of course, happy to see that pull request closed if this is not the intended direction for the SDK. As @haggrip mentioned, perhaps an alternative future direction could be refreshing the token instead of simply clearing it and requesting a new token. |
@haggrip did your PR (#364) fix this issue? Struggling to work out if the PR was intended to fix this issue or just referenced it. I think it's still happening to me. I can't tell if that PR made it into the main branch either or just dev, perhaps @bryanapellanes-okta could clarify? |
@GraemeMeyerGT my PR only fixed a function for clearing the expired token. From what I remember, this is a workaround to get a new token. When we catch a token expired error, we clear the current token and re-attempt the request. When an existing token is not present, the SDK fetches a new token. A real solution would involve the SDK properly renewing the existing token |
Thanks. I interpret from that that the okta-sdk-python doesn't have a dedicated method/function that can be called to trigger a refresh? I haven't been able to find one, but I'm a relative newbie and I'm finding the code a bit inscrutable, so I may have missed it. The SDK also seems not to have full documentation, unless I've missed that also. For anyone else that has the same problem: My OktaClient is responding back with a 401 error, but as far as I can tell no further detail. This is after the app has been running for ~an hour, so I'm reasonably confident this is token expiry. (Token expiry time is 1 hour). I'm going to produce a bit of code to monitor the expiry time of the token and trigger a refresh/get a new token somehow. Will try to post that here when it's done. |
I've submitted my own PR (#415) to fix this issue. @bryanapellanes-okta not sure if you're "in charge" of this issue from Okta's point of view, but if anyone from Okta would be able to give me in idea whether this has a hope of being accepted, that would be much appreciated. |
When using OAuth 2.0 to authenticate with the Okta API, an access token is generated. This token is cached by the SDK and after some time expires, but there appears to be no logic in place to handle the token expiry and get a new access token.
There is a
clear_access_token
method to clear the access token, but I don't see where it's being used.The text was updated successfully, but these errors were encountered: