I am currently troubleshooting a session timeout problem with our authenticated web messaging deployment. We are using Okta for SSO, and we are finding that when an agent’s Okta session expires, the Genesys Cloud web messaging widget immediately disconnects the customer chat. This is extremely frustrating for our agents who are in the middle of a long-lived interaction. Is there a way to decouple the messaging session from the SSO session so that the chat continues even if the agent needs to re-authenticate with Okta?
Hello Gre17. I am an API power user and I have seen this happen with many SSO integrations. You should look at the ‘Token Refresh’ settings in your Genesys Cloud organization. If you are using the Implicit Grant for your authentication, you will not have a refresh token, and the session will indeed drop when the access token expires. You should switch to the ‘Authorization Code Grant’ with PKCE. This allows your messaging client to refresh the session in the background without interrupting the active WebSocket connection.
Greetings. I am a widget developer and I have built several custom messaging interfaces. Sor68 is correct about the PKCE flow. One thing to check is your ‘Web Messaging’ configuration in the Admin menu. There is a setting for ‘Token Duration’ specifically for authenticated sessions. You should ensure that this duration is long enough to cover your typical agent shift, and that your client-side code is proactively renewing the token before it expires.
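The two replies above recommend Authorization Code Grant with PKCE and renewing the token before it expires. The sketch below is an added example, not part of the thread and not Genesys Cloud or Okta code: it builds the PKCE verifier and S256 challenge per RFC 7636 and schedules background renewal from the token response's standard `expires_in` field. `refreshFn`, the 0.8 lifetime fraction and the 60-second margin are assumptions for illustration.

```javascript
// Added example (not Genesys Cloud or Okta code). Runs in Node.js; in a browser use
// crypto.getRandomValues and crypto.subtle.digest for the same two PKCE steps.
const { randomBytes, createHash } = require('crypto');

// RFC 7636 section 4.1: high-entropy verifier, 43 to 128 unreserved characters.
function makeCodeVerifier() {
  return randomBytes(32).toString('base64url'); // 32 random bytes -> 43 chars
}

// RFC 7636 section 4.2: S256 challenge = BASE64URL(SHA256(ASCII(verifier))).
function makeCodeChallenge(verifier) {
  return createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Renew at a fraction of the token lifetime, and never later than
// minMarginSec before expiry (both values are assumptions; tune per deployment).
function refreshDelayMs(expiresInSec, { fraction = 0.8, minMarginSec = 60 } = {}) {
  if (!Number.isFinite(expiresInSec) || expiresInSec <= 0) return 0; // renew now
  const byFraction = expiresInSec * fraction;
  const byMargin = expiresInSec - minMarginSec;
  return Math.max(0, Math.floor(Math.min(byFraction, byMargin) * 1000));
}

// Keeps renewing in the background so the open WebSocket never sees an expired
// token. refreshFn is hypothetical: it must exchange the refresh token at the
// token endpoint and resolve to the new token response ({ expires_in, ... }).
function scheduleRenewal(tokenResponse, refreshFn, onError, timers = globalThis) {
  let handle = null, stopped = false;
  const arm = (resp) => {
    handle = timers.setTimeout(async () => {
      try {
        const next = await refreshFn(resp);
        if (!stopped) arm(next); // re-arm from the fresh expires_in
      } catch (err) {
        onError(err); // refresh rejected (e.g. session ended): prompt re-login
      }
    }, refreshDelayMs(resp.expires_in));
  };
  arm(tokenResponse);
  return () => { stopped = true; timers.clearTimeout(handle); };
}
```

If `onError` fires, the refresh token is no longer accepted, so no client-side timer can keep the session alive and the user has to sign in again.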
I maintain over fifty flows and I have seen these session drops cause a lot of abandoned interactions. Gre17, please also check your Okta ‘Session Lifetime’ policy. If Okta is set to expire after only one hour, no amount of Genesys Cloud configuration will help you if your agents do not re-authenticate. You might need to coordinate with your security team to align the SSO and Genesys Cloud session timeouts to something more reasonable for a contact center environment.