Hi all, I’m hoping you can help me out.
I’m using the Auth0 SPA JS NPM package (v1.6) to connect my AngularJS (v1) front end to an API. Things are mostly working as expected, but I’ve run into an issue with token expiration.
Essentially, if someone hasn’t done anything in about 20 minutes, I’d like them to be logged out.
I’ve set up my API’s token expiration to be 300s (5 minutes), and the application’s JWT expiration to 1200s (20 minutes). After 300s, I get a 401 response from my API (as expected), and am able to get a new token via getTokenSilently (also as expected).
However, when I came into work this morning, I was still able to get a new token via getTokenSilently. My understanding is that it should have failed, as I was past the JWT expiration time.
What am I doing wrong and/or missing?