Keeping a session alive

On web, Auth0 provides a session cookie that keeps the user’s session active as long as there is activity.

We would like to do the same thing on mobile.

Current behavior:
Currently, both the id_token and access_token have fixed expiration times. Regardless of use, the id_token and access_token will expire based on how we’ve set them. There is no way to keep a session alive during activity without using a refresh token (which we do not want to use for that purpose).

Desired behavior:
We would like to make a call to Auth0 with an existing id_token and access_token before the expiration and get a new id_token and access_token with the expiration updated. For example, if the tokens both have a 30 minute expiration, we’d like to make an API request with those two tokens after (for example) 10 minutes and get back a new id_token and access_token with a “re-upped” 30 minute expiration. We want to do this without using a refresh_token.

Hi @david.s,

Welcome back to the Auth0 Community and sorry for the late reply.

Unfortunately, it is not possible to configure the Access Token expiry time from request to request at the moment. The “Maximum Access Token Lifetime” can only be set at a standard value and cannot be dynamically changed. This comes in alliance with this Knowledge Article as well, which suggests proposing a new Product Feedback so this behavior can be taken into consideration by our engineering team.

Best regards,
Remus
