Question

Sun Life Financial Inc
CA
Last activity: 31 Mar 2022 9:57 EDT
Connect REST OAuth2 - External OAuth2 Provider (OKTA)
Hi,
Our requirement is to secure a Connect REST using OAuth 2.0. Okta is our OAuth 2.0 provider. We are connecting to Okta using an Authentication profile (using the client credentials grant type) to get the JWT token from them. The Authentication profile is referenced inside the Connect REST. Each token is valid for 10 minutes.
Here are a few questions that we have:
- Does Pega persist a token internally until it expires, and use it for each of the Connect REST calls until the token expires?
- What exactly does "Refresh token if available" do? Does it require the Refresh Token functionality to be enabled at the token provider's end (in our case Okta) as well for it to work?
- We are facing a problem when a valid token is used a few seconds before its expiry. Let's assume each token has 10 minutes before it expires, and at 9 minutes 59 secs it is used for a Connect-REST. However, by the time the connected third-party application is validating the token at their end, it has expired and we are getting an error saying Expired token. How can we handle this scenario in Pega?
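
The expiry race described in the last question, as an added example that is not part of the original post and is not Pega's or Okta's code: a client-side token cache that retires a cached token a fixed margin before its stated expiry, so a token is never sent when it could expire in transit. The class and function names, the 30-second margin and the 2-second transit delay are assumptions chosen for illustration.

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

@dataclass
class Token:
    value: str
    expires_at: float  # absolute time (seconds) at which the issuer's token expires

class TokenCache:
    """Reuse a client-credentials token, but stop using it `margin` seconds early."""
    def __init__(self, fetch: Callable[[], Tuple[str, float]],
                 margin: float = 30.0, clock: Callable[[], float] = time.time):
        self._fetch = fetch          # hypothetical: returns (token, expires_in_seconds)
        self._margin = margin
        self._clock = clock
        self._token: Optional[Token] = None
        self.fetch_count = 0

    def get(self) -> str:
        now = self._clock()
        # Treat the token as expired once it is within `margin` of its real expiry.
        if self._token is None or now >= self._token.expires_at - self._margin:
            value, expires_in = self._fetch()
            self._token = Token(value, now + expires_in)
            self.fetch_count += 1
        return self._token.value

def simulate(margin: float, call_at: float = 599.0,
             transit: float = 2.0, lifetime: float = 600.0) -> bool:
    """Constructed scenario: return True if the token is still valid when the
    resource server validates it, `transit` seconds after the client sent it."""
    clock = {"now": 0.0}
    issued = {}                      # token -> real expiry, as the issuer sees it

    def fetch():
        name = f"tok-{len(issued) + 1}"
        issued[name] = clock["now"] + lifetime
        return name, lifetime

    cache = TokenCache(fetch, margin=margin, clock=lambda: clock["now"])
    cache.get()                      # t=0: first call obtains a 10-minute token
    clock["now"] = call_at           # t=9m59s: next outbound call
    token = cache.get()
    clock["now"] += transit          # network and validation delay
    return clock["now"] < issued[token]

if __name__ == "__main__":
    print("no margin :", "accepted" if simulate(0.0) else "Expired token")
    print("30s margin:", "accepted" if simulate(30.0) else "Expired token")
```

The margin has to exceed the worst-case request latency plus any clock difference between the client and the validating service.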