I’m trying to use this library with some of the new refresh token features (rotation and inactivity expiration), and I’m trying to test things out. I’ve set all my token expirations down to 300 seconds and I’ve enabled the corresponding toggles for my application. I’ve also enabled the “useRefreshToken” option in my configuration in the SDK.
When I call getAccessTokenSilently, it still seems to always want to call the authorize endpoint and use the iframe technique. Additionally, I get a warning in the console: “The requested scopes (openid profile email offline_access) are different from the scopes of the retrieved token (openid profile email).”
Lastly, despite having refresh, ID, and access tokens set to expire after 300 seconds, I still seem to be able to request and get new access/ID tokens when calling getAccessTokenSilently beyond the 300 seconds.
I might be missing something obvious, but I think I’ve set everything up as expected.
- Which SDK this is regarding: auth0-angular
- SDK Version: 1.3.0
- Platform Version: Node 12.16.1