How to get refresh tokens to work with oidc and Wildfly 26


Tom Tibbetts

Feb 22, 2024, 4:57:51 PM
to WildFly
Hi,
Our business is using Okta for authentication and our app server is Wildfly 26 and our language is Java.
When we log into our application, an auth token is generated and processed by the Wildfly server and our user is then authenticated.  The token expires after one hour forcing the user session to become invalid and thus logging out the user.  What we want is for the user to stay logged in to the application as long as the user is actively using the application and the session timeout on the server hasn't expired.
I'm trying to implement refresh tokens so that, on each web request, the auth token is refreshed and the timeout timer is reset. What is now happening is that, instead of the user getting authenticated when they first log in, we are now getting a "forbidden" page. The following is a snippet of what I have in my standalone.xml:

<subsystem xmlns="urn:wildfly:elytron-oidc-client:1.0">
    <secure-deployment name="XYZ.war" always-refresh-token="true">
        ...
    </secure-deployment>
</subsystem>

Can someone point me to a step-by-step fix for this issue? I've done a lot of googling and so far I'm not getting documentation that makes sense to me. Thanks in advance.


Tom Tibbetts

Feb 22, 2024, 5:44:00 PM
to WildFly
I wish to add... This is what I'm getting in my log:

15:00:51,570 ERROR [org.wildfly.security.http.oidc] (default task-1) failed to turn code into token
15:00:51,571 ERROR [org.wildfly.security.http.oidc] (default task-1) status from server: 400
15:00:51,571 ERROR [org.wildfly.security.http.oidc] (default task-1)    {"error":"invalid_grant","error_description":"The authorization code is invalid or has expired."}

