Expire Auth0 session in backend

Hi! I’m trying to achieve a feature where the user gets logged out based on inactivity time.

I set the access token expiration very low and expected to see some kind of error in my requests after that amount of time had passed, yet I keep receiving responses with status 200 and the data I requested.

My auth0 configuration (to test this) looks like this:
Id_token expiration: 36000s
access_token expiration: 40s
refresh token absolute and inactivity expiration: 40s
rotation activated

Also, if I expire the id_token, graphQL throws an error on requests as expected, but this is not the case with the access token. However, I can’t achieve this feature invalidating the id_token since I can’t seem to expire the id_token based on inactivity.

Am I missing something about how 8base works with auth0? Or maybe a different strategy should be used?