Open lboynton opened 1 year ago
We have also experienced issues relating to token expiry when authenticating with a private key. As a workaround, we call `clear_access_token` manually and clear the request executor cache and headers to get a new token in the next request:

```python
def _clear_access_token():
    # okta_client is an already constructed okta.client.Client instance
    okta_client._request_executor._oauth.clear_access_token()
    okta_client._request_executor._cache.delete("OKTA_ACCESS_TOKEN")
    # Drop the cached header too, otherwise the old token is still sent;
    # the None default avoids a KeyError when the header is already gone
    okta_client._request_executor._default_headers.pop("Authorization", None)
```

We would also like to know if there's a supported way of refreshing these tokens.
Thanks @haggrip! Tried something similar to this but I was missing the trick to clear the `Authorization` header; without that the old token is still used.
@lboynton Thank you for submitting this. We will review further internally; see comment here: https://github.com/okta/okta-sdk-python/pull/364#issuecomment-1691725925
Internal Ref#: OKTA-641384
My team has struggled with this issue. The way we have remediated this is to examine the `exp` claim on the token, and if we determine the token is expired, simply clear the access token before the next request and force the Client to request a new OAuth token. But this can also be done preemptively when we first grab the access token from the OAuth object - I have taken the liberty to draft this pull request that implements this change.
Of course, happy to see that pull request closed if this is not the intended direction for the SDK. As @haggrip mentioned, perhaps an alternative future direction could be refreshing the token instead of simply clearing it and requesting a new token.
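The `exp` check described in the comment above, as an added example that is not code from this thread, the pull request or the SDK. It assumes the access token is a JWT with a numeric `exp` claim; `jwt_exp`, `needs_new_token`, `make_sample_token` and the 60-second skew are illustrative names and values.

```python
import base64
import json
import time


def jwt_exp(token):
    """Return the numeric `exp` claim of a JWT, or None if it cannot be read.

    The payload is decoded WITHOUT signature verification. That is enough for
    a client deciding when to drop its own cached token, and must never be
    used to decide whether to trust a token received from someone else.
    """
    try:
        payload_b64 = token.split(".")[1]
        # JWT segments are base64url with the '=' padding stripped
        payload_b64 += "=" * (-len(payload_b64) % 4)
        claims = json.loads(base64.urlsafe_b64decode(payload_b64))
        exp = claims["exp"]
    except (AttributeError, IndexError, KeyError, TypeError, ValueError):
        return None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return None
    return exp


def needs_new_token(token, now=None, skew=60):
    """True when the cached token should be cleared before the next request."""
    exp = jwt_exp(token)
    if exp is None:
        return True  # unreadable or opaque token: request a fresh one
    now = time.time() if now is None else now
    # Treat the token as expired `skew` seconds early, so a request already
    # in flight does not arrive with a token that has just lapsed
    return now >= exp - skew


def make_sample_token(exp):
    """Build a constructed, unsigned sample token (not a real Okta token)."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([seg({"alg": "RS256"}), seg({"exp": exp}), "sig"])


if __name__ == "__main__":
    sample = make_sample_token(int(time.time()) + 30)
    print("clear cached token:", needs_new_token(sample))
```

When `needs_new_token` returns true, the caller would clear the cached token (for instance with the workaround posted earlier in this thread) so that the next request obtains a new one.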
When using OAuth 2.0 to authenticate with the Okta API, an access token is generated. This token is cached by the SDK and after some time expires, but there appears to be no logic in place to handle the token expiry and get a new access token.
There is a `clear_access_token` method to clear the access token, but I don't see where it's being used.