Hi there, I'm looking for advice around our authentication token setup that is currently causing our users issues, including in some cases data loss.
Our intended configuration is for our React SPA to use short ID (15 mins) and access tokens (10 mins) that are refreshed silently with a longer-life refresh token (2 hours and 10 mins). We store health data, so security is very important to us.
If the app is used for longer than the 10 minute access token lifetime, it can sometimes end up in an unauthenticated state that causes the app to have to fully re-authenticate by redirecting to our auth domain and back to the app, rather than happening silently without updating the app state. This is causing data loss on occasion due to form data not being saved.
Is there either an issue with our configuration/expectations or a way we could troubleshoot the issue? Obviously this is a serious issue for us, so any suggestions/feedback would be much appreciated.