Hi,
Thank your for reaching out.
Could clarify on which tokens you are referring to ?
Cognito tokens or Genesys tokens ?
First, let me try to clarify few things.
Access token is a "key" that gives you access to protected APIs for a period of time.
Access token is being used to perform login or logout.
Once login or logout is performed, you don't need to have a valid access token all the time until an operation that requires it is required.
So the fact that there is no automatic refresh of access token is not an issue in itself.
Can you check that you are requesting 'offline access' as part of the scope ?
The following rules apply for generating a JWT / Refresh token from Genesys auth service:
- For the Genesys JWT, lifetime has the value of Access token from the authorization server (Cognito) but cannot exceed 15 minutes.
- Genesys Refresh token may or may not be generated.
If requested through the offline_scope, Refresh token lifetime is set to 24 hours.
If not requested, a Refresh token can still be provided given the Access token is higher than 15 minutes.
In such case, Refresh token lifetime is same as the Access token one.
If Access token is less than 15 minutes, no Refresh token is provided.
So given that you're saying the JWT lifetime is 5 min, I would expect no refresh token to be provided if the offline scope is not set.
Now refreshing the browser with an expired access token but a valid refresh token could be an issue indeed.
I would advise to open a ticket with Care so that you can share logs and info on your environment and we can investigate further.
Hope this helps,
Best regards.
V.P.
------------------------------
Vincent Pirat
Genesys - Employees
------------------------------