Using the SPA example, after performing a login, I see that the user stays logged in on the next session without having to re-enter their credentials.
Two questions:
On the client side, I see that an “IsAuthenticated” cookie is created that enables the user to stay logged in without having to open the login screen. It looks like the default expiration time is 22 hours. Is there any way to extend this time frame?
Even if the “IsAuthenticated” cookie expires, I see that the login screen does not require the user to re-enter their credentials and sends the token automatically. How long is the device authenticated without having to re-enter the user credentials? And can this be modified?
This doc covers token lifetimes. The lifetime will depend on which API the token is intended for. Some APIs can have a longer-lived token and some are fixed. The cookie you are referring to is intended to signal the need for a silent authentication.
Depending on the SDK you are using, there are built-in methods for this. auth0-spa-js has a getTokenSilently method you can use.
This doc covers session lifetimes and how they work.