Bug: Refresh token has a fixed expiration time

[getsnoopy]

Because of this line in AuthContext.tsx, it seems like refresh tokens are set to expire at least 10 minutes after an access token is issued (even if there are no refresh tokens issued by the server). This is problematic for some cases where the access token has a short(er) expiration time than that duration, but the library doesn't redirect to the authorization server again until the fixed timeout is reached.

Steps To Reproduce

1. Issue an access token from the authorization server that is for less than 10 min with no associated refresh token.
2. Wait until the access token expires.
3. See that the library doesn't redirect the user to the authorization server despite the access token having expired.

The current behaviour

It waits for a minimum of 10 min if the authorization server doesn't specify a refresh token.

The expected behaviour

It should not wait for any time after the access token has expired if the server hasn't issued a refresh token.

[soofstad]

Thanks for reporting. Agree that this is a bug. The default value for "refreshToken" should be "null", and not set to anything if there is no refreshtoken in the request.

In the meantime, you can set "refreshTokenExpiresIn" in the config to workaround this issue.