How to extend user session and API access token while user is active?


I want to have the following setup:

  • A user session that expires after 30 minutes of inactivity, but gets extended while the user is active
  • API access tokens that expires after 5 minutes (or less), but gets renewed while the user is active

Though I’m struggling a bit of setting this up in my SPA (I use auth0-react). How should I make sure that while the user is active:

  • The user session gets extended?
    • Let’s say the user is active for 29 minutes, then goes inactive. Will the session expire after 1 minute even though he/she only has been inactive for 1 minute? Or can I make sure the session lifetime is extended somehow?
  • The API access token gets renewed?

And while the user is inactive:

  • The user is logged out after 30 minutes? Do I need to set a manual timer to do this?
  • The API access token is not renewed after 30 minutes?

Best regards