Our goal is to log users out after 30 minutes of inactivity (in accordance with HITRUST) but let them stay logged in a for a long time if they are continuously active. We have set inactivity timeout to 30 minutes in the auth0 dashboard.
Using auth0-spa-js, we call
getTokenSilently() every time the user makes a network request, clicks, or presses a key.
Based on the documentation at https://auth0.com/docs/libraries/auth0-single-page-app-sdk, calling
getTokenSilently() should refresh the session. Instead, users are being logged out (“Login required” error from auth0 client) after 30 minutes even though we have called
getTokenSilently() multiple times during that time period. Am I missing something here?