In my app, I make a call to getSession if the user refreshes the page or tries to access a client side rout that requires the user to be authenticated.
The problem I am seeing is that the refreshToken never expires.
But having stepped through the code and if the cachedSession.isValid() call returns false then a call is made to refreshToken which always appears to return new tokens no matter how long I leave it.
Does the refreshToken never expire or can I configure it to expire in an hour or so?
The only way for things to expire is for localStorage.clear() to be called which is obviously not a real solution.
In my app, I make a call to
getSession
if the user refreshes the page or tries to access a client side rout that requires the user to be authenticated.The problem I am seeing is that the refreshToken never expires.
So I do this:
But having stepped through the code and if the
cachedSession.isValid()
call returns false then a call is made torefreshToken
which always appears to return new tokens no matter how long I leave it.Does the refreshToken never expire or can I configure it to expire in an hour or so?
The only way for things to expire is for localStorage.clear() to be called which is obviously not a real solution.