Properly expiring tokens

mattgrande · January 14, 2020, 3:14pm

Hi all, I’m hoping you can help me out.

I’m using the Auth0 SPA JS NPM package (v1.6) to connect my AngularJS (v1) front end to an API. Things are mostly working as expected, but I’ve run into an issue with token expiration.

Essentially, if someone hasn’t done anything in about 20 minutes, I’d like them to be logged out.

I’ve set up my API’s token expiration to be 300s (5 minutes), and the application’s JWT expiration to 1200s (20 minutes). After 300s, I get a 401 response from my API (as expected), and am able to get a new token via getTokenSilently (also as expected).

However, when I came into work this morning, I was still able to get a new token via getTokenSilently. My understanding is that it should have failed, as I was past the JWT expiration time.

What am I doing wrong and/or missing?

john.gateley · January 14, 2020, 5:53pm

Hi mattgrande,

Check out the session lifetime here:

John

mattgrande · January 14, 2020, 5:58pm

That’s perfect, John, thank you! Just updated my session time out settings, navigated to my test environment, and I was logged out, as expected.

konrad.sopala · January 15, 2020, 9:09am

Glad we were able to help @mattgrande!

system · January 30, 2020, 9:09am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.