Log out user once refresh token expires, instead of making a call to the /authorize endpoint to get new access and refresh tokens

I have set up a React application with SPA on Auth0.

When my refresh token expires, it does not log out the user; instead it makes a call to the /authorize endpoint and gets a new token.

How should I prevent this behavior? I want to log out the user once the refresh token expires.

I am attaching a screenshot of my network calls to give a better idea.


Hi @harshad.chovatiya

Welcome to the Auth0 Community.

One option may be to coordinate your refresh token expiry with your session expiry (https://auth0.com/docs/manage-users/sessions/session-lifetime-limits#application-specific-logout-urls). For example, you might sync the session inactivity timeout with your refresh token expiry. This may give you the behaviour you are looking for, as when the refresh token expiry is reached the session expiry time will also be reached (if further access tokens have not been received) and the user will have to re-authenticate.

I would suggest you test this scenario using short timeouts and observe the behaviour to see if this meets your needs.

Warm regards.
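The coordination suggested in the reply above can be checked against exported settings before testing in the browser. This is an added example, not part of the original thread or Auth0's own code; it assumes the Management API field names `idle_session_lifetime` (tenant, in hours) and `refresh_token.idle_token_lifetime` / `token_lifetime` (client, in seconds), and the sample values are constructed.

```javascript
// Added example. Field names are assumed to match the Auth0 Management API:
// tenant idle_session_lifetime is in hours, client refresh_token.* in seconds.
const SECONDS_PER_HOUR = 3600;

// Seconds an unused refresh token stays valid: the shorter of its idle and
// absolute lifetimes, ignoring any limit marked infinite.
function refreshTokenExpirySeconds(refreshToken) {
  const idle = refreshToken.infinite_idle_token_lifetime
    ? Infinity : refreshToken.idle_token_lifetime;
  const absolute = refreshToken.infinite_token_lifetime
    ? Infinity : refreshToken.token_lifetime;
  return Math.min(idle ?? Infinity, absolute ?? Infinity);
}

// Compare the session inactivity timeout with the refresh token expiry.
function compareLifetimes(tenant, client) {
  const sessionIdle = tenant.idle_session_lifetime * SECONDS_PER_HOUR;
  const tokenExpiry = refreshTokenExpirySeconds(client.refresh_token || {});
  let status;
  if (sessionIdle > tokenExpiry) {
    // The session is still valid when the refresh token expires, which is
    // when a call to /authorize can still return new tokens (the question).
    status = "session-outlives-refresh-token";
  } else if (sessionIdle < tokenExpiry) {
    status = "refresh-token-outlives-session";
  } else {
    status = "aligned";
  }
  return { status, sessionIdleSeconds: sessionIdle, refreshTokenSeconds: tokenExpiry };
}

// Constructed sample settings (not taken from the thread).
const tenant = { idle_session_lifetime: 72, session_lifetime: 168 };
const mismatched = {
  refresh_token: { idle_token_lifetime: 1800, token_lifetime: 86400 },
};
const synced = {
  refresh_token: { idle_token_lifetime: 259200, token_lifetime: 604800 },
};

console.log(compareLifetimes(tenant, mismatched));
console.log(compareLifetimes(tenant, synced));
```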

@SaqibHussain Thanks for the reply, working as expected.
