I have an AngularJs web application that is using Auth0 to login. I also have a API that I am securing with the same access token.
The web site seems to have a timeout of 10 hours. The api token seems to have a timeout of 24 hours for non web clients and 2 hours for web clients.
Effectively, this means that my users will have to re-authenticate every 2 hours. What is the recommended way to solve this? Should I set all my timeouts to the same value or is there some way to silently get a new token before the old token is invalidated?