Hello,
I am trying to setup Auth0 for my SPA using @auth0/auth0-vue npm package. The business use case says that if the user is idle/inactive for 15 minutes post login, he should be logged out of the application. I also intend to use a rotating refresh token using which I can request for a new access token every 2 minutes. I tried many possible combination of settings provided by Auth0 but still failed to achieve the desired behaviour. Please find attached, the screenshot of my auth0 configuration for reference.
Can you help us understand which settings you’ve tried so far? You can set an inactivity timeout in session lifetime settings, but you may want to call logout from your application as well. The following FAQ could also prove useful:
Which part of the desired behavior are you referring to? Are you unable to get refresh tokens working? Please see above for logging users out of Auth0.
I am able to retrieve the refresh token from Auth0, but I am experiencing issues with the inactivity timeout behavior.
Issue:
Inactivity Timeout: Set to 3 minutes
Absolute Timeout: Set to 6 minutes
Scenario:
The user logs in and actively uses the application for 1 minute.
The user then goes idle.
Expected Behavior:
The user should be logged out 3 minutes after going idle, which would be 4 minutes after logging in.
Actual Behavior:
The user is being logged out 2 minutes after going idle, which is 3 minutes after logging in.
This indicates that the inactivity timeout is starting from the login time, not from the time the user goes inactive.
Also, you have mentioned in your reply that I may have to call the logout manually. Could you explain it further as to why it is required and under what conditions I have to do that.
