For how long are users authenticated?

Using the auth0-js API, I can call authorize for a user to get initial authorization and then call checkSession periodically to get an updated JWT.

What controls the amount of time that the user is “authorized”, such that I can call checkSession? Is there any kind of expiry of this state? If so, can that expiry time be controlled?

Check the settings of your Application, at the bottom there is a setting “JWT Expiration”.

That’s the expiry time of a JWT, is it not?

Sorry, thought that would be the same?

:wave: @dan.rumney the lifetime of a session can be set at the SSO Cookie Timeout setting in tenant settings which by default I believe is 7 days and can be set to a maximum of 30 days. However, there is also an inactivity timeout that is currently non-configurable and set to 3 days.

1 Like