I'm assuming that you are using the default authentication flow (password flow) with the Hybris OAuth server. In this case, the session length is controlled through OAuth client settings in backoffice.
However to know when the session expires you can check the token payload (AuthStorageService.getToken). One of the properties would be expiration time which could be used to know when the session will actually end.
Marcin is correct. Spartacus is 100% API driven, interacting with Commerce backend by sending request to configured endpoints. These endpoints require an access token to be sent with the request, and this access token needs to be retrieved by following the Client Credentials Flow that is defined by the OAuth specification.
As long as you log in successfully, you can find access token issued by Commerce backend in Chrome dev tools, application tab -> Local storage as highlighted below:
the field expires_at stores the value of exact date and time when token will be expired.
you can use the code below in console to convert it to human readable string:
new Date(1627660784476).toGMTString();
You can control the token time-to-live value via configuration in backoffice by property: oauth2.accessTokenValiditySeconds
See document for detail:
if you need to code in Spartacus to know when the token will be expired, inject AuthStorageService in your app.module.ts, and then access expires_at property of result returned by getToken method.
export class AppModule {
constructor(private authService: AuthStorageService){
const token: Observable<AuthToken> = this.authService.getToken();
token.subscribe((token) => console.log('expire at:' , token.expires_at));
}
}
