SPA application id token expiry/life time related question

Hi,
I’m trying to reduce id token expiry/life time for our application (Single page application) configuration.
Following the documentation links, I changed the values under application’s “settings” tab in the portal to 1800 seconds (30 minutes).

After allowing few minutes, when I try to run our front end app and observe the token, it shows the expiry life time is 24 hours (and not the 30 minutes I wanted). Below is the token value

“iat”: 1681745041,
“exp”: 1681831441 (i.e 18 Apr 2023 16:24 GMT)

Could you please let me know if I’m missing any setting (or) configuration incorrect?

Hello @senthil.kandasamy welcome to the community!

The configuration looks correct (thanks for the screenshot!) - Are you positive you are adjusting the setting for the correct app and looking at the ID token rather than the access token?

Keep us posted!

Hi tyf,
Thank you for the suggestions. You were right, indeed we had two set of configurations one for the SPA (hence Auth0 SPA) and a backend service (Auth0 API configuration) that requires access token for authorisation. I was looking at the access token expiration value which wasn’t matching.

May I ask one more question. Our team requires user session/browser timeout to be configured as different values for different types of roles (Admin, Reader etc). May I ask if that is possible to achieve (Set different timeout values based on user roles)?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.