Thank you Konrad for your response.
My application is in Javascript (node, express) and I’m using express-openid-connect:
import { auth } from 'express-openid-connect';
import 'global-agent/bootstrap';
import appConfig from '../utils/config';
// global-agent is required because we use a proxy.
// it uses by default the environment variable GLOBAL_AGENT_HTTP_PROXY.
// It may conflict with nock.
const { auth0 } = appConfig;
// https://auth0.github.io/express-openid-connect/interfaces/configparams.html
const configParams = {
authRequired: false,
auth0Logout: true,
baseURL: auth0.baseUrl,
clientID: auth0.clientId,
issuerBaseURL: auth0.issuerBaseUrl,
secret: auth0.secret,
clientSecret: auth0.clientSecret,
routes: { callback: '/auth0/callback', login: '/auth0/login', logout: '/auth0/logout' },
authorizationParams: {
// eslint-disable-next-line @typescript-eslint/camelcase
response_type: 'code',
scope: 'openid profile email read:users',
audience: appConfig.apis.audience.endpoint,
},
};
export default auth(configParams);
To test more quickly, I set the inactivity timeout to 1min.
I open a window (chrome) and log in to my website.
I keep the window open but do nothing for 1 min (there is no activity in the “network” tab when inspecting the page).
Then I reload the page (command+r), and I can still see my page (I’m not redirected to the login page).
Can you see something that I’m missing?
Let me know if you need more info!