Hey there, my company is making the switch to Auth0 and our main goal is ensuring that our users don’t have to log in if they are active during a 14 day period. If they continue to make calls and refresh their tokens, they should never be logged out. If they try to refresh a token outside of the 14 days they get logged out.
I believe this could be achieved by turning off “Refresh Token Rotation” and “Absolute Expiration”, but leaving on “Inactivity Expiration” and setting to 1209600 seconds.
My concern is that due to the tenant session “Require log in after” setting, my users will be logged out after 30 days regardless of the refresh token settings and forced to log back in.
Can anyone confirm this for me?