Log user out after inactivity

My company has a restriction that our access tokens need to be valid for 15 minutes (which I got working) and the refresh token is valid for 30 minutes (which I’m having trouble with).

If the user steps away from the application (it’s in React) for longer than the 30 minutes of the refresh token, the user needs to be taken back to the login page.

My problem is, I’m never getting kicked out to the login page.

To shorten my test I tried to be kicked out after 5 minutes, so I’ve put the following settings:

In the application:

  • ID Token Expiration = 300 seconds
  • Absolute Lifetime = 300 seconds
  • Inactivity Lifetime = 299 seconds

In the API:

  • Maximum Access Token Lifetime: 120 seconds
  • Implicit / Hybrid Flow Access Token Lifetime: 120 seconds

I don’t really know what configuration is wrong and how I can accomplish this scenario.

CSOC won’t allow us to go to production unless we figure out how to have the inactive users back to the login page after 30 minutes of inactivity.

Hi @bmiranda,

Welcome to the Auth0 Community!

I recommend checking these articles on how to log a user out after inactivity:

Please let me know if you have any further questions.

Thanks,
Tudor
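
As an added illustration (not part of this thread and not Auth0 SDK code), here is one way a browser app can track the inactivity and absolute deadlines discussed above on the client. `createIdleSession`, `onExpire`, `store`, `memoryStore` and the storage key are hypothetical names; `onExpire` is where the app would log the user out and redirect to the login page.

```javascript
// Added example: wall-clock idle/absolute session deadline for a browser app.
// createIdleSession, onExpire, store and KEY are hypothetical, not Auth0 SDK APIs.
const KEY = "session.lastActivity"; // constructed storage key

function memoryStore() {
  const m = new Map();
  return { getItem: (k) => (m.has(k) ? m.get(k) : null), setItem: (k, v) => m.set(k, String(v)) };
}

function createIdleSession({ idleMs, absoluteMs, onExpire, now = Date.now, store = memoryStore() }) {
  const startedAt = now();
  let expired = null; // null | "idle" | "absolute"
  store.setItem(KEY, startedAt);

  // Read the shared timestamp so activity in another tab (same store) counts.
  const lastActivity = () => Number(store.getItem(KEY)) || startedAt;

  // Compare timestamps instead of trusting a timer to fire: timers are
  // throttled in background tabs and do not run while the machine sleeps.
  function check() {
    if (expired) return expired;
    const t = now();
    if (t - startedAt >= absoluteMs) expired = "absolute";
    else if (t - lastActivity() >= idleMs) expired = "idle";
    if (expired) onExpire(expired);
    return expired;
  }

  // Call from input handlers. Activity arriving after a deadline must not
  // revive the session, so the deadline is evaluated before recording it.
  function touch() {
    if (check()) return false;
    store.setItem(KEY, now());
    return true;
  }

  // Milliseconds until the nearest deadline, for scheduling the next check().
  function remaining() {
    return Math.max(0, Math.min(startedAt + absoluteMs, lastActivity() + idleMs) - now());
  }

  return { check, touch, remaining };
}
```

Pass `window.localStorage` as `store` so all tabs share one activity timestamp, and call `check()` from an interval and on `visibilitychange`. The refresh token lifetime on the server remains the enforcement; this only returns the UI to the login page on time.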
