On web, Auth0 provides a session cookie that keeps the user’s session active as long as there is activity.
We would like to do the same thing on mobile.
Current behavior:
Currently, both the id_token and access_token have fixed expirations times. Regardless of use, the id_token and access_token will expire based on how we’ve set them. There is no way to keep a session alive during activity without using a refresh token (which we do not want to use for that purpose).
Desired behavior:
We would like to make a call to Auth0 with an existing id_token and access_token before the expiration and get a new id_token and access_token with the expiration updated. For example, if the tokens both have a 30 minute expiration, we’d like to make an api request with those two tokens after (for example) 10 minutes and get back a new id_token and access_token with a “re-upped” 30 minute expiration. We want to do this without using a refresh_token.