- auth0-lock: 11.22.4
Hi,
I would like to avoid having the users sign in frequently. Our system is consumer facing and doesn’t store sensitive data, and so we would like the users to sign in as little as possible, preferably once a year or at least 6 months.
Currently, we are using auth0-lock in our React frontend and it seems to be expiring every day. I believe this is due to the setting: “Token Expiration For Browser Flows (Seconds)”, which is set to 24, which is the max value - correct?
I thought of using the refresh token to refresh the access token on startup time, and thus avoid having the user re-login. Is that the right approach?
However, I noticed that we don’t even get the refresh_token in the response. I have enabled “Offline Access” but that didn’t help either. Is this not supported when using Lock?
Anyways, from the documentation, it seems that Lock should be using checkSession to renew the token, and so we implemented that using a scheduler. However, that is valid only when the user is actively using the system - the access token will still expire after 24 hours.
How do I achieve this? What should I do?
Is there a place to get a fully documented example that I could just use in our react app, preferably without re-writing all the lock related code?
I understand that I may need to refresh the token periodically in the backend and load it in the frontend. But (1) I don’t even manage to get the refresh token, and (2) it is not clear how the frontend authenticates with the backend if the access token expires.