I need a token (or key) to use in API requests as a bearer token. The idea is to set it once for a user and access resources without login. I tried to use the access_token for it, but the max expiration time is 1 day. So, I need a token:

- With an expiration time >30 days
- Which uniquely identifies the user
- Which contains authentication data, like roles and groups

Any idea how it can be done with OKTA?
Viewed 559 times
1 Answer
4
If you're using OAuth in conjunction with Okta, you can use a refresh_token (which can have a much longer expiration, including unlimited) to fetch a new access_token.
So, you wouldn't need end-user (resource owner) interaction. But, when the access_token expires, you would need to fetch a new one using the refresh_token.

afitnerd
- Thanks for the response. It's one of the options I thought about. The downside of this is that the client should be aware of it: the client should use the new token. It can't be done silently on the backend. I'm looking for a solution where the client is not aware of expiration for, like, 30 days: the client just uses the same token to access resources without a login prompt. – Aram Aslanyan Sep 14 '18 at 19:30
- Just to make sure we're on the same page, there would be a single login. From that point on, when the access token expires, the refresh token is used to get a new access token. The purpose of this approach is to ensure that you don't need any additional user interaction (such as login) for the life of the refresh token. – afitnerd Sep 17 '18 at 03:48