Hi @sabeslamidze - if a user’s Auth0 session expires, they will be logged out of Auth0 and need to re-authenticate before being able to request any new access tokens - but your application likely has its own session which also needs to be terminated - please see here for more information on the different layers of sessions: Logout
So for example, you could make a checkSession / GetAccessTokenSilently (depending on what SDK you are using) call when the user attempts to carry out a sensitive operation / navigation, and if you see a “login required” error returned, delete the user’s application session and redirect them to your login page / the authorize endpoint.
On top of this, Access tokens are valid until they expire irrespective of sessions, so ideally your access token expiration would be the same as, if not lower than your inactivity timeout setting to avoid issued tokens being valid beyond the session’s timeout.
If the user still has a valid session, checkSession / GetAccessTokenSilently will return a new session and refresh their inactivity timeout.