getTokenSilently fails due to inactivity timeout

Using following setup:
@auth0/auth0-spa-js v1.13.0 in a vue setup.

My UI uses the Authorization Code with PKCE flow to authenticate and get an access token that lasts 24 hours. Whenever it makes an API call it uses the ‘getTokenSilently’ method to get the token, and after the first authentication it seems to get the same token from the cache. This makes since as the token is still valid.

My tenant configuration has the inactivity timeout set to 30 minutes. After using the UI for 30 minutes (and making those getTokenSilently calls) the getTokenSilently fails with ‘login_required’ errors.

I understand if I was attempting to get a new access token after 30 minutes I would need to login, but if calling getTokenSilently does not interact with the Authentication server each time resetting that 30 minute inactivity, what is causing it after the 30 minutes to fail. The token lasts 24 hours so I would expect it to still be retrieved by cache for 24 full hours after initial load.

Hi @tyler.morris.beeline,

Welcome to the Community!

This sounds like a bug. Can you please create an issue in the repo?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.