As the title suggests, despite setting an absolute expiration time for the refresh token in Auth0, I’m not getting logged out. Is there anything I’m doing wrong? If possible, please advise on a solution.
The user may have an active session on another device or browser: If the user has an active session on another device or browser, they will remain logged in until the session is expired or they explicitly log out.
The client application may be using the same refresh token after it has expired: If the client application is caching the refresh token and using it after it has expired, the user will not be logged out. Ensure that your client application is properly handling expired refresh tokens.
The absolute expiration time may not be set correctly: Double-check that the absolute expiration time for the refresh token is set correctly. Verify the expiration time in the Auth0 dashboard or API, and make sure that it is being correctly communicated to the client application.
The client application may be using a different refresh token than the one that has expired: If the client application is using a different refresh token than the one that has expired, the user will not be logged out. Ensure that your client application is using the correct refresh token.
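
One way a client can handle the token endpoint's response to a `refresh_token` grant, as an added example that is not part of the original reply: on the `invalid_grant` error defined in RFC 6749 it discards every cached token instead of reusing them. The function names, the session shape and the sample responses are assumptions made for illustration.

```javascript
// Added example. Response objects are constructed; field names follow RFC 6749.

// Apply the result of a refresh_token grant to the locally cached session.
// `session` and the returned shape are hypothetical names for this sketch.
function applyRefreshResult(session, response, nowSec) {
  const body = response.body || {};

  if (response.status === 200 && typeof body.access_token === "string") {
    return {
      action: "continue",
      session: {
        accessToken: body.access_token,
        accessTokenExpiresAt: nowSec + Number(body.expires_in || 0),
        // If the server returned a new refresh token, replace the cached
        // one; otherwise keep using the current one.
        refreshToken: body.refresh_token || session.refreshToken,
      },
    };
  }

  // RFC 6749 section 5.2: invalid_grant covers an expired, revoked or
  // otherwise invalid refresh token. Retrying cannot succeed, so drop every
  // cached token and send the user back to login.
  if (body.error === "invalid_grant") {
    return { action: "logout", session: null };
  }

  // Anything else (network failure, 5xx, rate limit) is treated as transient:
  // keep the cached tokens and try again later, without extending any expiry.
  return { action: "retry", session };
}

// Gate for protected views: once the cached access token has expired the app
// must refresh (and honour the result above) before proceeding.
function needsRefresh(session, nowSec) {
  return session !== null && nowSec >= session.accessTokenExpiresAt;
}

// Constructed sample data.
const cached = { accessToken: "at-1", accessTokenExpiresAt: 1000, refreshToken: "rt-1" };
const expired = { status: 403, body: { error: "invalid_grant", error_description: "constructed sample" } };
console.log(applyRefreshResult(cached, expired, 1200).action); // logout
```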