Random user logout

✅ Prerequisites

• Did you perform a cursory search of open issues? Is this question already asked elsewhere?
• Are you reporting to the correct repository (magic-sdk)?

❓ Question

We are using magic in an Electron app and the user is sometimes randomly logged out. We are unable to replicate the error, but it keeps happening. We already checked our code, but it is possible that the error is there.

We found several things that are not clear and that may be the cause:

Re-authenticating users

In the magic documentation it is not clear how long the session lasts and when we have to re-authenticate.

• Does it always expire after 7 days if no other action happens?
• Is the magic.user.isLoggedIn() or magic.user.getIdToken() causing the actual re-authentication? Will this reauthentication provision a new didToken?

didToken claims

We have looked at the decoded claims from the didToken and the ext field was always only 15 minutes in the future. Even after waiting for 15 minutes the user was still logged in - magic.user.isLoggedIn() is returning true.

• How does this work? Is the didToken used solely as an “access token” and you are storing the actual information authentication information used for generating these tokens in the IndexedDB?
• Where can we see how long until the current user’s session expires and he needs to log in again?

The Electron environment also does not seems to be the problem. The IndexedDB where you are storing the sessions are persistent in Electron and even deleting the application cache does not log out the user.

🌎 Environment