autoRenew-notice.md

File metadata and controls

29 lines (25 loc) · 1.71 KB

Future of AuthJS autoRenew

We have been tracking the changes browsers have been making to long-running timers, especially in inactive tabs, and have begun to receive reports of flaky and unpredictable behavior from our Active AutoRenew. We ran a spike on Web Worker-based timers, but decided not to move forward with that approach. Active AutoRenew served its purpose, but the introduction of refresh tokens has made it a bit antiquated.

A better, more reliable approach to token renewal is to renew the token (if needed) when tokens are read from storage. The isAuthenticated() method already does this, and we have added a new method, getOrRenewAccessToken(), for convenience. Unfortunately, we cannot make this the default behavior when tokens are read, because storage operations are not async and performing a token renewal results in an HTTP request.

Moving forward, we recommend the following configuration:

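import { OktaAuth } from '@okta/okta-auth-js';

// Only the renewal-related options are shown; the rest of the client config is omitted.
const config = {
  tokenManager: {
    autoRenew: true,   // passive autoRenew: renew (if needed) when tokens are read
  },
  services: {
    autoRenew: false,  // turn off the timer-based active autoRenew service
    autoRemove: false,
  }
};
const authClient = new OktaAuth(config);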

(This disables active autoRenew and enables passive autoRenew; see the reference.)

Example Resource Request

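  // Reads the access token, renewing it first if needed, then calls fetch.
  async function authenticatedFetch(url, options={}) {
    const accessToken = await authClient.getOrRenewAccessToken();
    if (!accessToken) {
      // No usable token (for example, renewal failed): do not send "Bearer null".
      throw new Error('No access token available');
    }
    const headers = new Headers(options.headers);
    // set() replaces any caller-supplied Authorization value instead of appending to it
    headers.set('Authorization', `Bearer ${accessToken}`);
    return fetch(url, {...options, headers});
  }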
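
The renew-on-read approach this notice describes, as an added sketch that is not okta-auth-js code: it shows why the read has to be async, how concurrent readers can share one renewal request, and how a failed renewal fails closed. `createPassiveRenewer`, its `storage`/`renew` parameters and the token shape `{ value, expiresAt }` are all hypothetical.

```javascript
// Added sketch of passive ("renew on read") renewal. Every name is hypothetical;
// this is not okta-auth-js code.
function createPassiveRenewer({ storage, renew, now = Date.now, skewMs = 30000 }) {
  let inFlight = null; // promise shared by all callers while a renewal is pending

  // Synchronous read: reports what is stored, even if it has already expired.
  function readSync() {
    return storage.get('accessToken') || null;
  }

  // Tokens inside the skew window count as expired so they do not lapse mid-request.
  function isFresh(token) {
    return Boolean(token) && token.expiresAt - skewMs > now();
  }

  // Asynchronous read: resolves to a usable token string, or null if renewal fails.
  async function getOrRenew() {
    const stored = readSync();
    if (isFresh(stored)) return stored.value;
    if (!inFlight) {
      inFlight = renew()
        .then((token) => { storage.set('accessToken', token); return token; })
        .finally(() => { inFlight = null; });
    }
    try {
      return (await inFlight).value;
    } catch (err) {
      return null; // fail closed: callers never receive the expired token
    }
  }

  return { readSync, getOrRenew };
}

// Constructed demo: an expired stored token and a stub renew() that counts calls.
async function demo() {
  let calls = 0;
  const storage = new Map([['accessToken', { value: 'old', expiresAt: 1000 }]]);
  const renew = async () => ({ value: `new-${++calls}`, expiresAt: 10000000 });
  const renewer = createPassiveRenewer({ storage, renew, now: () => 5000 });
  const tokens = await Promise.all([renewer.getOrRenew(), renewer.getOrRenew()]);
  return { tokens, calls }; // both callers share the single renewal
}
```

After a failed renewal the synchronous read still returns the stale entry, which is why callers that attach the token to a request should go through the async path.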