tyf
April 23, 2024, 11:26pm
5
No problem, happy to help where I can!
jsteinbrunner:
With respect to Refresh Tokens, will refreshing the user’s token affect the inactivity timeout? I called the /api/v2/sessions/{sessionId}
API after doing a refresh, and the updatedAt
value remained unchanged. It is possible I made a mistake though.
This is expected behavior - Refreshing tokens doesn’t affect the authentication session (IDP/Auth0 Level). The following topic does a good job explaining this:
Hi,
Do I understand correctly that with Refresh Token we can allow user to be authenticated for 30 days without the need to go through the login form?
Since we have Refresh TOken absolute lifetime set to 1296000 which is 30 days and Inactivity lifetime to 1296000 (15 days) a user should be forced to login every 15 days if not using the app and every 30 days when using the app?