How to implement session timeout alert

I have a SPA using the okta-react SDK using PKCE.

I’m trying to implement a modal that displays when a user has been inactive for 10 minutes. Once, they reach 15 minutes of inactivity, they should be logged out. While the modal is open, the message should countdown the time remaining. If the user interacts with the modal before the countdown finishes, they will stay logged in; otherwise they should be logged out.

I’m looking around and I see the access token and session have different expirations. I’m trying to understand how those interact with one another and which expiration is relevant to the session timeout. Additionally, I know that a valid session is required for an access token to renew, so would it be necessary to manually renew a session?

I’'m not too experienced with Okta and authentication, so any help or resources would be appreciated.

Session and access_token can have different lifetime indeed. It’s up to you, what you want to do with those times. But as you have access_token, for the application it’s easier to figure token lifetime, and not the okta’s session.

In general there is no link between session and access_token, as the latter one can be used for services, where there is no session.

In okta you can set your session lifetime to be longer than access token, so that you are able to refresh the token, if needed.