If we configure our Tenant Login Session Management Inactivity Timeout value, and also configure individual Application Refresh Token Expiration Inactivity Lifetime, which value takes precedence?
For instance, if the Tenant level were configured at 15minutes, but the Application level were configured to 20minutes, which would take effect?
They apply to different things. The session management applies to the session (as represented by a cookie in the Auth0 tenant domain) and the refresh token expiration applies to refresh token usage.
They are very different, you will typically either use a session or a refresh token, but not both.
John
Thanks for helping on this one John!
Hey there, everyone!
I’m excited to inform you about our next Ask Me Anything session in the Forum on Tuesday, July 30, with the Product Management team. If you have questions about upcoming features like FGA, Manage Sessions in Actions, or SCIM. Submit your questions now, and our esteemed product experts will provide written answers on July 30. Can’t wait to see you there!
Learn more here!