I am trying to use the max_age property to force reauthentication of the user. I’m unable to get it to work with auth0Lock v11.3 for Javascript. I’m passing max_age to my lock through the options. I see that the max_age value is getting sent to the authorize endpoint. But it is not working. I have also added the “auth_time” claim value to the id token like this documentation states Force Reauthentication in OIDC.
is this supposed to work with the classic login?
Side note: In the documenation (alot of your documentation) there are many links that are not even available anymore.
I have verified through the “network” tab that the max_age is being passed as a parameter to the authorize call. I am still having no success in being forced to reauthenticated after 30 seconds.