I implement autentication mechanism in web application with Angular 2.
I going to use JSON Web Token. Two types of token, Access token (short-lived) and Refresh token (long-lived) which are described here: https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/
I want to obtain result which is common when session/cookies are used. After a period time of user inactivity, the user is logged out. Which basiclly means that the browser displays the login page and in case of using JWT, the tokens are removed from browser localStorage or storage cookies.
I do not see the way how to do this, relaing only on Access and Refresh tokens.
When Access token is expired (eg. each 10 minutes), the new one is requested using Refresh token (which expires each 8 hours). But what when the user is inactive for eg. 1 hour? Refresh token is still valid so next user interaction will cause obtain new Access token and the user sill can use th app.
Maybe there are some Angular2 or JavaScript mechanisms which in case of user inactivity, perform some action or redirect to login page?
