configure refreshToken expiration

[dagda1]

In my app, I make a call to getSession if the user refreshes the page or tries to access a client side rout that requires the user to be authenticated.

The problem I am seeing is that the refreshToken never expires.

So I do this:

const currentSession = await authorisationProvider.getSession();

this.setState({ isAuthenticated: currentSession && currentSession.isValid(), busy: false });

But having stepped through the code and if the cachedSession.isValid() call returns false then a call is made to refreshToken which always appears to return new tokens no matter how long I leave it.

Does the refreshToken never expire or can I configure it to expire in an hour or so?

The only way for things to expire is for localStorage.clear() to be called which is obviously not a real solution.