As the title suggests, despite setting an absolute expiration time for the refresh token in auth0, I’m not getting logged out. Is there anything I’m doing wrong? If possible, please advise on a solution.
Pages that require authentication use withAuthenticationRequired.
【Management Dashboard Configuration】
It has been set extremely short for testing purposes.
Access Token: 15 seconds
Refresh Token Absolute Expiration: 30 seconds
Refresh Token Rotation: Enabled
If it is possible, I would like to change values for each application instead of changing the settings for the entire tenant.
The user may have an active session on another device or browser: If the user has an active session on another device or browser, they will remain logged in until the session is expired or they explicitly log out.
The client application may be using the same refresh token after it has expired: If the client application is caching the refresh token and using it after it has expired, the user will not be logged out. Ensure that your client application is properly handling expired refresh tokens.
The absolute expiration time may not be set correctly: Double-check that the absolute expiration time for the refresh token is set correctly. Verify the expiration time in Auth0 dashboard or API, and make sure that it is being correctly communicated to the client application.
The client application may be using a different refresh token than the one that has expired: If the client application is using a different refresh token than the one that has expired, the user will not be logged out. Ensure that your client application is using the correct refresh token.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.