I’m using the Auth0 SPA JS NPM package (v1.6) to connect my AngularJS (v1) front end to an API. Things are mostly working as expected, but I’ve run into an issue with token expiration.
Essentially, if someone hasn’t done anything in about 20 minutes, I’d like them to be logged out.
I’ve set up my API’s token expiration to be 300s (5 minutes), and the application’s JWT expiration to 1200s (20 minutes). After 300s, I get a 401 response from my API (as expected), and am able to get a new token via getTokenSilently (also as expected).
However, when I came into work this morning, I was still able to get a new token via getTokenSilently. My understanding is that it should have failed, as I was past the JWT expiration time.
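As an added example (not code from the poster or from Auth0), here is a small client-side policy in plain JavaScript that enforces the idle and absolute limits the post describes on the SPA side, independently of whether getTokenSilently would still hand out a token; the auth0-spa-js wiring in the trailing comment is assumed, and the test token is constructed.

```javascript
// Added example (not code from the post or from Auth0): client-side
// session policy for an SPA that enforces an idle timeout and an absolute
// session lifetime itself, rather than waiting for getTokenSilently to fail.
// The numbers follow the post: API token 300 s, application limit 1200 s.

const ACCESS_TOKEN_LIFETIME_S = 300;  // API token lifetime (from the post)
const ABSOLUTE_LIFETIME_S = 1200;     // log out 20 min after login, no matter what
const IDLE_LIMIT_S = 1200;            // log out after 20 min without user activity
const REFRESH_MARGIN_S = 30;          // refresh a little before the token expires

// Base64url-decode a JWT payload WITHOUT verifying the signature: the browser
// only reads `exp` to schedule work; the API must still verify every token.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const json = typeof atob === 'function'
    ? atob(padded) : Buffer.from(padded, 'base64').toString('binary');
  return JSON.parse(json);
}

// Decide what the SPA should do now. Returns 'ok', 'refresh' or 'logout'.
// Times are Unix seconds; sessionStartS is when the user logged in and
// lastActivityS is the last click/keypress the app recorded.
function sessionAction({ token, sessionStartS, lastActivityS, nowS }) {
  if (nowS - sessionStartS >= ABSOLUTE_LIFETIME_S) return 'logout';
  if (nowS - lastActivityS >= IDLE_LIMIT_S) return 'logout';
  const { exp } = decodeJwtPayload(token);
  if (!Number.isInteger(exp)) return 'logout';   // never trust a token without exp
  return nowS >= exp - REFRESH_MARGIN_S ? 'refresh' : 'ok';
}

// Constructed, unsigned test token (header.payload.fakeSignature); only the
// `exp` claim matters to the policy above. Not a real Auth0 token.
function makeTestToken(payload) {
  const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${b64url({ alg: 'none', typ: 'JWT' })}.${b64url(payload)}.sig`;
}

// Assumed wiring to auth0-spa-js (sketch only, not run here):
//   'refresh' -> token = await auth0.getTokenSilently();
//   'logout'  -> auth0.logout({ returnTo: window.location.origin });
// Evaluate sessionAction() on an interval and reset lastActivityS on user events.
```

Because the absolute and idle checks run before the token is even decoded, a session left open overnight is logged out on the next tick regardless of what the token endpoint would return.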
This is a heads-up that we’re hosting an Ask Me Anything (AMA) session dedicated to Auth0 sessions, refresh tokens, and the Management API. Our product experts will be on hand February 12, 2025, from 8 AM to 10 AM PST to answer all your questions—no matter how basic or advanced they may be! You can submit your queries anytime from now until February 11, and we’ll provide detailed written answers during the live event.
This is a fantastic opportunity to learn best practices around session management, refresh token rotation, and the Management API. Plus, everyone who participates gets points and a special badge just for joining in on the fun.
If you have any burning questions (or even casual curiosities!), feel free to drop them in this thread. We can’t wait to see what you’re working on and how we can help you optimize your Auth0 setup. See you there!