okta · jccaldw1 · May 1, 2024 · May 2, 2024 · May 3, 2024
diff --git a/okta/oauth.py b/okta/oauth.py
@@ -1,6 +1,7 @@
 from urllib.parse import urlencode, quote
 from okta.jwt import JWT
 from okta.http_client import HTTPClient
+from okta.utils import is_jwt_token_expired
 
 
 class OAuth:
@@ -37,8 +38,8 @@ async def get_access_token(self):
             str, Exception: Tuple of the access token, error that was raised
             (if any)
         """
-        # Return token if already generated
-        if self._access_token:
+        # Return token if already generated and token is not expired.
+        if self._access_token and not is_jwt_token_expired(self._access_token):
             return (self._access_token, None)
 
         # Otherwise create new one

diff --git a/okta/utils.py b/okta/utils.py
@@ -5,6 +5,8 @@
 from enum import Enum
 from datetime import datetime as dt
 from urllib.parse import urlsplit, urlunsplit
+from jose.jwt import get_unverified_claims
+import time
 
 from okta.constants import DATETIME_FORMAT, EPOCH_DAY, EPOCH_MONTH,\
     EPOCH_YEAR
@@ -74,3 +76,7 @@ def convert_absolute_url_into_relative_url(absolute_url):
     """
     url_parts = urlsplit(absolute_url)
     return urlunsplit(('', '', url_parts[2], url_parts[3], url_parts[4]))
+
+def is_jwt_token_expired(jwt_token):
+    claims = get_unverified_claims(jwt_token)
+    return time.time() > claims['exp']