This repository was archived by the owner on Feb 24, 2018. It is now read-only.
configure refreshToken expiration #690
Description
In my app, I make a call to getSession if the user refreshes the page or tries to access a client side rout that requires the user to be authenticated.
The problem I am seeing is that the refreshToken never expires.
So I do this:
const currentSession = await authorisationProvider.getSession();
this.setState({ isAuthenticated: currentSession && currentSession.isValid(), busy: false });
But having stepped through the code and if the cachedSession.isValid() call returns false then a call is made to refreshToken which always appears to return new tokens no matter how long I leave it.
Does the refreshToken never expire or can I configure it to expire in an hour or so?
The only way for things to expire is for localStorage.clear() to be called which is obviously not a real solution.