If we configure our Tenant Login Session Management Inactivity Timeout value, and also configure individual Application Refresh Token Expiration Inactivity Lifetime, which value takes precedence?
For instance, if the Tenant level were configured at 15minutes, but the Application level were configured to 20minutes, which would take effect?
They apply to different things. The session management applies to the session (as represented by a cookie in the Auth0 tenant domain) and the refresh token expiration applies to refresh token usage.
They are very different, you will typically either use a session or a refresh token, but not both.
John
Thanks for helping on this one John!