Refresh token is not working as expected

[VasantHugar]

Describe the bug?

We are using OktaWebAuthenticationUI for Okta login into our iOS Swift app. When user signedIn on the app, we store the unique id of the token to fetch token based on unique id for later use

Store token and id

try Credential.store(token)
UserSettingsHelper.setObject(object: token.id, forKey: Constants.k_OktaTokenId) 

Fetch:

        if let tokenId = UserSettingsHelper.object(for: Constants.k_OktaTokenId) as? String {
            do {
                let credential = try Credential.with(id: tokenId)
                self.refreshIfNeeded(credential: credential)

                // this is used as an access_token for all our api calls
                let token = credential.token.accessToken
            } catch let error as NSError {
                print("Error: ", error.localizedDescription)
            }
        }
    }
 
func refreshIfNeeded(credential: Credential) {
        Task {
            do {
                try await credential.refreshIfNeeded()
            } catch {
               print("Error: \(error.localizedDescription) while calling refreshIfNeeded")
            }
        }
    }

Above code works well and good until it expires. token is not getting refresh after 6-7days(expired).

Question:

• What is the best way to retrieve the token for later use?
• How to refresh the token?
• does okta generates new token with new id after refresh? if yes should we use new token id to fetch the token for later use.
• Could you please share us sample project?

What is expected to happen?

• We should be able to fetch token for later use
• Refresh token should work with logout and login if expired

What is the actual behavior?

Refreshed token is not working even after calling refreshIfNeeded() func

Reproduction Steps?

Steps

• Login into okta
• Wait for 6 to 7days till it expires
• Use the availble token to call an api.
• Api should work

Additional Information?

No response

SDK Version(s)

pod 'OktaWebAuthenticationUI', '1.6.1'

Build Information

No response

[apoorv-trikha-ev]

Can someone please respond on the issue?

[apoorv-trikha-ev]

@mikenachbaur-okta ^^^^

[mikenachbaur-okta]

Hello @apoorv-trikha-ev, my apologies for the late response.

The token should still remain in storage, and should be able to be loaded properly. After 6-7 days it's almost certain that the access token will have expired, so a refresh does seem necessary. It very well might be that the refresh token may have expired in the interim. If this happens, the user won't have any choice but to reauthenticate, unless the expiration time of the refresh token is extended.

Additionally though, I wonder if you've seen the Credential.default API, which seems like it might be a much simpler way to track the current user's credential. It is built with the idea of quickly fetching a credential when only one is used, without you having to manually track the ID in your own storage.

For example:

let credential = try Credential.store(try await WebAuthentication.shared?.signIn(from: view.window))
Credential.default = credential

You can refer to the Managing User Credentials documentation for more information on the options available to you.

[mikenachbaur-okta]

@VasantHugar @apoorv-trikha-ev Have you managed to resolve this issue, or are you still experiencing problems with using the refresh token?

Alternatively, do you have any feedback on the SDK and its credential storage capabilities? Your application may be needing to use the SDK in ways we hadn't anticipated, so I'd like to see if there's anything we can do to simplify your development.