How to use refresh token's "but will expire if not used every"

I'm trying to use the config “but will expire if not used every”, so that the user gets signed out automatically after a certain period of inactivity. That is my understanding, but I don’t see the user get signed out automatically after 10 minutes of inactivity.

And the code to initialise OktaAuth, from “@okta/okta-auth-js”: “~7.2.0”

```typescript
import { OktaAuth } from "@okta/okta-auth-js";

const authClient = new OktaAuth({
  clientId: "clientId",
  issuer: `.../oauth2/default`,
  redirectUri: `${window.location.origin}/login/callback`,
  postLogoutRedirectUri: `${window.location.origin}/login`,
  tokenManager: {
    // Custom storage provider backed by localStorage
    storage: {
      getItem: (key: string) => {
        return localStorage.getItem(key);
      },
      setItem: (key: string, val: string) => {
        return localStorage.setItem(key, val);
      },
    },
    autoRenew: true, // renew tokens in the background
    expireEarlySeconds: 30, // treat tokens as expired 30 seconds early
    syncStorage: true,
  },
  // offline_access requests a refresh token
  scopes: ["openid", "email", "profile", "groups", "phone", "offline_access"],
  cookies: {
    secure: true,
    sameSite: "None",
  },
  pkce: true,
});

authClient.start();
```

I saw the post “Keep getting automatically signed out”, but I still cannot figure out how to use “but will expire if not used every”.

Thanks!

Hello,

It looks like autoRenew is set to true.
I assume when you run your application if you open the dev tools in the browser and watch the Network tab, when idle you will see a /token call every 5 minutes?
When auth-js runs as a service it will continue to update tokens in the background.

Can you verify if you see the /token call happen every 5 minutes?

Also note the SDK does not have any feature to log out of your application. So once the token manager no longer has a set of valid tokens, either calling isAuthenticated() will return false (this behavior can be overridden with your own logic), or visiting a protected link will fail.

The default auth-js behavior for the token manager can be customized with the below.

Hi Erik,

Thank you for the feedback!

Yes, autoRenew is true, and the intention is to renew the token every 5 minutes. Also, I’m expecting the refreshToken to become invalid after 10 minutes of inactivity, which is my understanding of “but will expire if not used every”. Am I wrong here?

And yes, there are POST request calls to “/token” every 5 minutes.

I called authClient.isAuthenticated() multiple times over a period of 25 minutes, while staying inactive (I didn’t trigger authClient.tokenManager.getToken or authClient.tokenManager.getTokenSync), but it always resolves true. I’m expecting it to be false (invalid) after 10 minutes.

Does autoRenew: true suppress “but will expire if not used every” value?
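
A toy model of the situation discussed in this thread, added here as an illustration; it is not part of any post and is not Okta's code. It assumes each background POST to /token presents the refresh token and counts as a "use" that restarts the idle window; `RefreshTokenModel`, `simulate` and the `gateOnActivity` option are hypothetical names.

```javascript
// Added illustration, not Okta code. All names here are hypothetical.
const MIN = 60 * 1000;

// Server-side view of a refresh token with an idle lifetime
// ("expire if not used every"): each accepted use restarts the idle window.
class RefreshTokenModel {
  constructor(idleLifetimeMs) {
    this.idleLifetimeMs = idleLifetimeMs;
    this.lastUsedAt = 0; // issued at t = 0
    this.expired = false;
  }
  use(now) {
    if (this.expired || now - this.lastUsedAt > this.idleLifetimeMs) {
      this.expired = true;
      return false;
    }
    this.lastUsedAt = now;
    return true;
  }
}

// Client that calls /token every renewEveryMs. With gateOnActivity, it skips
// the call once the user has been idle longer than idleLifetimeMs.
function simulate({ durationMs, renewEveryMs, idleLifetimeMs, lastUserActivityAt, gateOnActivity }) {
  const token = new RefreshTokenModel(idleLifetimeMs);
  const log = [];
  for (let now = renewEveryMs; now <= durationMs; now += renewEveryMs) {
    const userIdle = now - lastUserActivityAt > idleLifetimeMs;
    if (gateOnActivity && userIdle) {
      log.push("skipped");
    } else {
      log.push(token.use(now) ? "renewed" : "rejected");
    }
  }
  return { log, stillValid: token.use(durationMs) };
}

// Constructed scenario from the thread: 25 idle minutes, renewal every 5, idle limit 10.
const scenario = { durationMs: 25 * MIN, renewEveryMs: 5 * MIN, idleLifetimeMs: 10 * MIN, lastUserActivityAt: 0 };
const background = simulate({ ...scenario, gateOnActivity: false });
const gated = simulate({ ...scenario, gateOnActivity: true });
console.log("background renewal:", background.log.join(","), "valid:", background.stillValid);
console.log("activity-gated:    ", gated.log.join(","), "valid:", gated.stillValid);
```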