Session life time - extend for developer plan?

We are a startup company developing a mobile app, and so far we are very satisfied with Auth0.

However, one limitation seems a bit odd.

The session life time for none-enterprise plans is Max 3 days, which is very limiting. Mobile apps are not necessarily used every day, and the need to authenticate each time might prevent users to use the app on the long run.

Is there any plan to change it? Is there maybe a way we can extend these limits without having to purchase the Enterprise edition? We really like Auth0 and want it to grow with us.

Thx!

Hi Somehk, there are no plans to change this at the moment. Are you not using/storing refresh tokens?

I am not using refresh tokens.

With refresh tokens, do these limits no longer apply?

Refresh tokens don’t expire, they’re used to retrieve a new access token. They don’t rely on an active session. So, the session expiration doesn’t matter in an OAuth Refresh Token OAuth Grant.

Thanks, very interesting!

For SPA, if we are using the silent authenticate method, is it the same like using a refresh token?

No, SPA aren’t secure clients, so refresh tokens can’t be used there. SPA and the silent authentication do rely on the user session; as opposed to the refresh token grant type.

Thank you, very much appreciated. I will start working on using refresh tokens

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.