We have two types of authentication to an API.
- One is where users log in through a React app on the web using the @auth0/auth0-react package, PKCE grant.
- The other type is machine to machine access using a client credentials grant flow.
We are trying to configure two different token lifetimes for these two different flows. Here’s how we have it configured in the YAML config:

    token_lifetime: 86400
    token_lifetime_for_web: 1800

So, basically we want our web clients to have a token timeout of 30 minutes and our M2M tokens to have a timeout of 1 day.
The problem: when we log in using the web flow it uses the token lifetime value for our web tokens. We were surprised as there is a configuration value specifically for web.
Is there some way to get our React app to use tokens with a lifetime shorter than the token lifetime used by M2M applications?