I have an application that is using @okta/okta-auth-js version 4.x and @okta/okta-react version 4.x
I am getting reports that many times when the application tab goes inactive for a period of time perhaps within 15 minutes that their screen will show a message “You have been logged out due to inactivity…” (See image attached)
The first “issue” or feedback I am getting is questioning why is the application expiring so fast. When we use our okta company credentials to login to “Confluence” for example, those tabs can go inactive for far longer without ever being prompted to refresh due to inactivity.
The second issue brought up to me, which I haven’t really been able to reproduce is that sometimes users will be using the application filling out some forms/data and either while in the middle of that or once they try to submit the form. The page will just refresh on them and give them that inactivity message. ( I believe this happens after being inactive for a period of time, but then getting into the application before the page refresh which happens to trigger while using the app. )
Can you help me with any ideas/strategies on how to manage or address these issues?
I did reach out to my company about seeing if we had any application specific settings that could be adjusted such as access token and refresh token lifetimes and I was told that we aren’t licensed for API Access Management and that the app in question uses the organization authorization server which has a 1 hour access policy that can’t be adjusted.
I think the primary issue is figuring out how to avoid being logged out due to inactivity. If that was 2 hours instead of 15-20 minutes that would go a long ways to address the secondary issue where it happens to refresh the page and give users that message while using the application.
Thank you