Hi Everyone,
We’re experiencing an issue where our users are required to log in every 24 hours. We’ve implemented Auth0 in our Next.js application by following the guide and using @auth0/nextjs-auth0.
The handler for the next request has the following scopes:
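```javascript
import { handleAuth, handleLogin } from '@auth0/nextjs-auth0';

export const GET = handleAuth({
  login: handleLogin({
    authorizationParams: {
      // prompt=login asks the authorization server to show the login prompt
      // on every authorization request, even if a tenant session exists
      prompt: 'login',
      // offline_access requests a refresh token alongside the ID/access tokens
      scope: 'openid profile email offline_access',
      audience: '******',
    },
    afterLogin: async (req, res, session) => {
      console.log('afterLogin', req, res, session);
    }
  })
});
```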
In the tenant settings, the session limits are set as follows:
- Idle Session Lifetime: 4320 minutes
- Maximum Session Lifetime: 43200 minutes
We’ve tested changing the ID Token Expiration and the API Maximum Access Token Lifetimes to up to 30 days, and we see that the JWT payload has the correct expiry times. However, this doesn’t seem to be the cause of the issue, as users are still forced to re-login after 24 hours. We have selected the refresh token in the grant types.
We have noticed that the appSession cookie has an expiration header set to 24 hours after the initial authentication.
Additionally, we are currently on the free tier, but from reviewing the FAQ and pricing, we do not see any limitations related to single-day logins for the free tier.
Any help or insights would be appreciated. Thank you!
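
The post lists three independent lifetimes: the `appSession` cookie set by the SDK, the tenant's idle session lifetime, and the tenant's maximum session lifetime. The following is an added example, not part of the original post and not the SDK's own code; it models a session with a rolling and an absolute limit and reports which lifetime lapses first. The SDK defaults used (24-hour rolling, 7-day absolute, corresponding to the `session.rollingDuration` and `session.absoluteDuration` options) are assumptions to verify against the installed `@auth0/nextjs-auth0` version, and the function names and timestamps are constructed for illustration.

```javascript
// Durations are in seconds. Assumed SDK defaults: verify for your version.
const DAY = 24 * 60 * 60;
const SDK_DEFAULTS = { rolling: true, rollingDuration: DAY, absoluteDuration: 7 * DAY };

// Tenant values quoted in the post, in minutes.
const TENANT = { idleMinutes: 4320, maxMinutes: 43200 };

// iat = when the session was created, uat = when it was last updated.
// Returns the epoch second at which the application session cookie expires.
function sessionExpiry(iat, uat, cfg = SDK_DEFAULTS) {
  if (uat < iat) throw new RangeError('uat must not precede iat');
  if (!cfg.rolling) return iat + cfg.absoluteDuration; // fixed-length session
  if (typeof cfg.absoluteDuration !== 'number') {
    return uat + cfg.rollingDuration; // rolling with no absolute cap
  }
  // Rolling window, capped by the absolute limit.
  return Math.min(uat + cfg.rollingDuration, iat + cfg.absoluteDuration);
}

// Returns [name, expiry] for whichever configured lifetime lapses first.
function firstLimit(iat, uat, appCfg = SDK_DEFAULTS, tenant = TENANT) {
  const limits = [
    ['app session cookie', sessionExpiry(iat, uat, appCfg)],
    ['tenant idle lifetime', uat + tenant.idleMinutes * 60],
    ['tenant maximum lifetime', iat + tenant.maxMinutes * 60],
  ];
  return limits.reduce((a, b) => (b[1] < a[1] ? b : a));
}

// Constructed scenario: login at t=0 and the session is never updated.
const [name, at] = firstLimit(0, 0);
console.log(`${name} lapses first, after ${at / 3600} h`);

// Same scenario with the app session aligned to the tenant values.
const aligned = { rolling: true, rollingDuration: 3 * DAY, absoluteDuration: 30 * DAY };
console.log(`aligned app cookie lapses after ${sessionExpiry(0, 0, aligned) / 3600} h`);
```

With the assumed defaults the application cookie lapses at 24 hours regardless of the tenant session limits or token lifetimes, which matches the cookie expiry observed in the post.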