I am using the Okta SignIn Widget on my Web App, and I receive an access token which I then send to my backend server and verify using the Java Jwt Verifier (AccessTokenVerifier).
This all appears to be working fine, but how do I manage the Expiration time of the token? I would the expiration time to be reset while the user is active on the site, and not timeout after the preset time.
If I configure the user to have a 30min (or 2 hour) expiration time, what happens when that token expires? Do I need to use a Refresh Token? I cannot seem to get a refresh token from the SignIn Widget, and I cannot find what to do with it, if I were to receive one.