I have a SPA using the okta-react SDK using PKCE.
I’m trying to implement a modal that displays when a user has been inactive for 10 minutes. Once, they reach 15 minutes of inactivity, they should be logged out. While the modal is open, the message should countdown the time remaining. If the user interacts with the modal before the countdown finishes, they will stay logged in; otherwise they should be logged out.
I’m looking around and I see the access token and session have different expirations. I’m trying to understand how those interact with one another and which expiration is relevant to the session timeout. Additionally, I know that a valid session is required for an access token to renew, so would it be necessary to manually renew a session?
I’'m not too experienced with Okta and authentication, so any help or resources would be appreciated.