Comments (7)
Yeah, if you have an inactivity session limit set to 5 mins, and you want to be able to extend that session, I can see why you want to use cacheMode: off
every 5 minutes.
In that case, you would hit the same limit as you'd with Auth0.js, yes.
To be honest, I am not sure where the 15min limit is coming from on the Auth0.js page you shared, but it most likely also depends on the tier you are using etc. If it would cause issues, I think you want to consider increasing the session time (but that's ofcourse not something I have any say in, just want to mention it)
from auth0-spa-js.
Thanks for reaching out. Can you elaborate what issues you encounter that made you look for this limitation?
checkSession
works differently in Auth0-SPA-JS to how Auth0.JS works, more specifically we have internal mechanisms to not hit Auth0 when not needed, which are not part of Auth0.js. Therefore, we have no such limitation defined for checkSession in Auth0-SPA-JS, same goes for getTokenSilently
.
However, we are ofcourse interested to learn from your use-case that made you look for these limitations.
from auth0-spa-js.
@frederikprijck thanks for your response!
We want to set a 5-minute inactivity timeout for Auth0 session. We use auth0-react (which uses auth0-spa-js internally) in our application.
To keep the session active while the app is open we were looking for methods that can keep the activity of the session.
We found these two methods getTokenSilently
and checkSession
in auth0-spa-js, but also encountered that the auth0.js docs mentioned 15-minutes rate limits.
As auth0-spa-js has a similar method checkSession
, that uses getTokenSilently
internally, we got confused about the limits
from auth0-spa-js.
As mentioned, both work differently. With Auth0-SPA-JS having its own cache, and doing less calls to auth0, it makes little sense to consider the same limitations, as they do not share those same limitations. Even more so, i would argue you can call checkSession as much as you need, our cache should ensure auth0 isn't called when not necessary.
Closing, feel free to open another issue if you need further assistance.
from auth0-spa-js.
Limits do not apply even if I call getTokenSilently
in auth0-spa-js with { cacheMode: off }
options?
from auth0-spa-js.
They do, but limits may vary depending whether or not you use refresh tokens, which isn't the case with auth0-spa-js.
However, cacheMode off isnt something you should need so often it would hit limits. Can you expand on your use case if you think it will hit the limits?
from auth0-spa-js.
@frederikprijck We have an inactivity session limit for the auth0 session of 5 mins.
When an SPA application tab is open, we would like to keep the session active. For this purpose, we need to request auth API at least every 5 minutes, so the session remains active. We found only one method to do that, using getTokenSilently
method.
But we fear that we can encounter the 15 mins limit (as I said we want to call it each 5 mins).
*We don't use refresh tokens, we use authentication through an iframe
from auth0-spa-js.
Related Issues (20)
- "Misconfiguration in the system or a service outage" error in Auth0 HOT 3
- prompt in authorizationParams is not getting override. It is coming none even if it is set to other value like login. HOT 7
- Sophos Cyber Security Endpoint detects ransomware in the package HOT 3
- Total Cookie Protection breaks auth HOT 2
- Better error messaging when out of local storage quota? HOT 4
- Angular SSR window.crypto HOT 1
- User without Organization Membership caused infitine login redirect loop HOT 2
- NullInjectorError HOT 1
- Use '.well-known/openid-configuration' to configure Auth0Provider (Auth0Client) calls HOT 6
- React Quickstart causing error upon clicking the login button HOT 2
- organization option of Auth0Client.getTokenSilently function is unexpectedly reuse previous value HOT 4
- Make getTokenSilently Generic HOT 2
- Support `getAccessTokenSilently` for multiple audiences in parallel HOT 4
- auth0-spa-js for multipage app? HOT 3
- Suport for multi tab sessions HOT 5
- Add configuration option for custom transaction storage
- LoginWithPopup doesn't work in Microsoft Word add-in on Mac HOT 3
- Extra redirect on silent login after upgrade to v2 HOT 9
- Implicit return in auth0-spa-js/src/cache /cache-manager.ts when TS "noImplicitReturns" is set to true HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from auth0-spa-js.