About keeping users signed in

Maintaining User Sign-In State with Auth0 Universal Login on Mobile Apps

We are exploring a mechanism to allow users to remain signed in after logging in via Auth0 Universal Login on a mobile app.

I have devised one approach, but I would appreciate any information or insights regarding alternative configuration methods or confirmation of the feasibility of this approach.

The proposed method involves utilizing refresh tokens. By continuously sending POST requests to the /oauth/token endpoint to refresh the refresh token, we aim to maintain a persistent signed-in state.

Hi @segiryamya,

Welcome back to the Auth0 Community and sorry for the late reply.

Given that the approach is meant for a mobile application, you are absolutely correct when it comes to using refresh tokens to keep users logged in for a longer period of time, which work when following the Device Authorization Flow as well.

You can configure the Idle Refresh Token Lifetime to 2,592,000 seconds (30 days) and the Maximum Refresh Token Lifetime to 31,557,600 seconds (1 year) using the Auth0 Dashboard, as mentioned in our documentation.

I hope this helped,
Thanks,
Remus
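
An added illustration, not part of the original thread and not Auth0 code: a simplified model of how the two lifetimes quoted in the reply interact. It assumes each successful refresh restarts the idle timer while the maximum lifetime is counted from the original login; the function names and sample timestamps are constructed.

```python
from datetime import datetime, timedelta

# Values quoted in the reply above, in seconds.
IDLE_LIFETIME = timedelta(seconds=2_592_000)       # 30 days
ABSOLUTE_LIFETIME = timedelta(seconds=31_557_600)  # 1 year


def _deadline(last_use, absolute_deadline, idle):
    """Return (when, reason) for whichever limit is reached first."""
    idle_deadline = last_use + idle
    if idle_deadline < absolute_deadline:
        return idle_deadline, "idle"
    return absolute_deadline, "absolute"


def session_outcome(login, refreshes, idle=IDLE_LIFETIME, absolute=ABSOLUTE_LIFETIME):
    """Replay refresh attempts against the assumed lifetime model.

    Returns (accepted_count, reason, session_end): how many refreshes
    succeeded, which limit ends the session, and when the user has to
    log in again.
    """
    absolute_deadline = login + absolute  # fixed at login, never moves
    last_use, accepted = login, 0
    for attempt in sorted(refreshes):
        deadline, reason = _deadline(last_use, absolute_deadline, idle)
        if attempt >= deadline:
            return accepted, reason, deadline  # token already expired
        last_use = attempt  # a successful exchange restarts the idle timer
        accepted += 1
    deadline, reason = _deadline(last_use, absolute_deadline, idle)
    return accepted, reason, deadline


if __name__ == "__main__":
    login = datetime(2024, 1, 1)  # constructed sample data
    weekly = [login + timedelta(days=7 * k) for k in range(1, 61)]
    gappy = [login + timedelta(days=d) for d in (10, 20, 55)]
    print("weekly refresh:", session_outcome(login, weekly))
    print("35-day gap:    ", session_outcome(login, gappy))
```

Under this model, refreshing on a schedule keeps the user signed in only until the maximum lifetime is reached, and a single gap longer than the idle lifetime ends the session earlier.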
