It vanishes if you log out, or if you reload the page (and the route you’re on is a <SecureRoute …> route)and the libraries call to refresh the tokens fails and redirects to login. The access token lifetime shouldn’t even matter. It’s the refresh token lifetime that matters. This is usually set much longer than the access token timeout in the Okta dev dashboard somewhere.