[IdP] Inconsistent session timeout SSO Okta
idp
Forge asset by João Barata
Application Type
Reactive
Service Studio Version
11.55.58 (Build 64636)

We have a React application in which some users are reporting intermittent automatic logouts. Users are being prompted to re-authenticate with Okta even though the session timeout is configured for 2 hours. In several cases, re-authentication is required in less than the configured timeout period.

The issue occurs intermittently and we have not been able to reproduce it in our environment. We are looking for guidance on potential causes or configuration issues that could lead to this behavior, as well as any recommended troubleshooting steps or fixes.

We are using idp_sso_url to log in.

Narendra Maheshwari

Hi @Harlem Manzano
Here are a few considerations:

  • The logout problem is NOT because of OutSystems authentication configuration.
  • The problem is with Okta Token Expiry or Token Renewal Failure.

Below are the actual settings that matter for your issue:

1. Verify Okta Token Lifetimes

Go to: Security → API → Authorization Servers → Access Policies → Token Lifetime

Check:

  • Access Token lifetime
  • Refresh Token rotation enabled?
  • ID Token lifetime
  • Allow Refresh Tokens = ON?
  • offline_access scope enabled?
  • If Access Token is < 60 minutes → this explains early forced login.

2. Enable “Refresh Token Rotation” (Strongly Recommended)

In Okta Admin:

  1. API → Authorization Server
  2. Edit Access Policy
  3. Check "Refresh Token"
  4. Enable "Rotation"
  5. Add scope: offline_access


I hope it helps!!

2024-10-05 13-30-20
Huy Hoang The

Hi, 

I also think the same as Narendra. You can use the access token in this case; the access token has an expiry time of less than 120 minutes, and if the access token expires, the system logs out.

You need to have logic to refresh the token and keep the user from being logged out.

Hope this helps!
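
Both replies above point at an access token that expires before the 2-hour session. One way to check that on a captured token, as an added example (not part of either reply, and not OutSystems or Okta code): decode its `iat` and `exp` claims and compare the lifetime with the session timeout. The function names, the 120-minute constant and the sample token are assumptions constructed for illustration.

```javascript
// Added diagnostic example. It decodes a JWT payload WITHOUT verifying the
// signature, so it is for troubleshooting only, never for authorization.
const SESSION_TIMEOUT_MIN = 120; // the 2-hour timeout from the question

// Decode one base64url segment of a compact JWT (browser or Node).
function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return typeof atob === 'function'
    ? atob(padded)
    : Buffer.from(padded, 'base64').toString('binary');
}

// Report the token's total lifetime, the time left, and whether the token
// expires sooner than the configured session timeout.
function tokenLifetime(jwt, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const claims = JSON.parse(b64urlDecode(parts[1]));
  if (typeof claims.iat !== 'number' || typeof claims.exp !== 'number') {
    throw new Error('token has no numeric iat/exp claims');
  }
  const lifetimeMin = (claims.exp - claims.iat) / 60;
  return {
    lifetimeMin,
    remainingMin: Math.max(0, (claims.exp - nowSec) / 60),
    shorterThanSession: lifetimeMin < SESSION_TIMEOUT_MIN,
  };
}

// Build a constructed sample token (Node only; placeholder signature).
function makeSampleToken(iat, lifetimeSec) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  const header = { alg: 'RS256', typ: 'JWT' };
  return [enc(header), enc({ iat, exp: iat + lifetimeSec }), 'sig'].join('.');
}

// Constructed case: 60-minute token inspected 45 minutes after issue.
const sample = makeSampleToken(1700000000, 3600);
console.log(tokenLifetime(sample, 1700000000 + 45 * 60));
```
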

