We have an MSAL.js client and B2C as identity provider. According to this doc, since PKCE is used, the maximum refresh token is 24 hours: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/token-lifetimes.md#refresh-tokens
Even if we redeem the token, the new token also shares the same expiration time.
To keep the user logged in, we can silently log them in, but the maximum session time is 24 hours (SessionExpiryInSeconds in https://docs.microsoft.com/en-us/azure/active-directory-b2c/relyingparty#userjourneybehaviors)
If we don't want to prompt the user for login after 24 hours inactivity, we need the "Keep me signed in" enabled in our custom policy.
Can you confirm that this is the only way to keep the user logged in even after 24 hours of inactivity?
Thank you!