I have a single page app with a REST server. The single page app authenticates with Auth0 Lock v11 and then uses JWT token to authorize at the REST API like described here: https://auth0.com/docs/quickstart/backend/django/01-authorization
Now I want the user to be logged in for a long time, e.g. 3 weeks. He should not have to enter his credentials again. So I could just change the JWT token lifetime to 3 weeks. But is this what I should do?