Given that this does require using a Management API access token, you’d want to be sure and proxy this through a backend as outlined in the following FAQ:
I was hoping this wouldn’t be the answer. What I actually need is a timestamp relating of the date/time of absolute expiry. Ideally this should be sent down with the response from getTokenSilently. This would allow me to track the time until the user is to be auto logged out so I can show a message to the user ahead of time.
Thanks for sharing the link to that other thread, unfortunately, that is a different problem (inactivty time out not, absolute expiry); but one I also need a solution for. The proposed in that thread doesn’t’ solve the problem.
Heres the scenario:
Absolute expiry time: 60 minutes
User logs in
The user starts performing their daily tasks and does so continuously
X minutes before the absolute expiry is reached a message should appear in the UI that reads:
“For security reasons your session is about to expire. In X minutes you will be logged out.”
How can I achieve this without being able to see the time/date of absolute expiry in the getToken response?