I have an ASP.NET Core application with IdentityServer4 for authentication and authorization.
I am using oidc-client with Angular 10 for the front-end.
The problem is my application never logs the user out even after the token is expired. It will be refreshed silently.
My AccessTokenLifetime is set to 5 minutes.
My CookieSlidingTime is set to 10 minutes.
Here is my code:
const idServerSettings = {
    authority: Constants.stsAuthority,
    client_id: Constants.clientId,
    scope: 'openid profile',
    response_type: 'code',
    redirect_uri: `${Constants.clientRoot}signin-callback`,
    post_logout_redirect_uri: `${Constants.clientRoot}signout-callback`,
    store: new WebStorageStateStore({ store: localStorage }),
    automaticSilentRenew: true,
    loadUserInfo: true
};
IdentityServer configuration:
new Client {
    ClientName = "test",
    ClientId = "client-spa",
    AllowedGrantTypes = GrantTypes.Code,
    AlwaysIncludeUserClaimsInIdToken = true,
    RedirectUris = new List<string>() { "https://localhost:44383/signin-callback" },
    PostLogoutRedirectUris = { "https://localhost:44383/signout-callback" },
    AllowedCorsOrigins = { "https://localhost:44383" },
    AccessTokenLifetime = 60 * 5, // TODO
    AllowedScopes = {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        "propel-api"
    },
    RequireClientSecret = false
}
var builder = services.AddIdentityServer(options =>
{
    options.Events.RaiseErrorEvents = true;
    options.Events.RaiseInformationEvents = true;
    options.Events.RaiseFailureEvents = true;
    options.Events.RaiseSuccessEvents = true;
    options.UserInteraction.LoginUrl = "/Account/Login";
    options.UserInteraction.LogoutUrl = "/Account/Logout";
    options.Authentication = new AuthenticationOptions()
    {
        CookieLifetime = TimeSpan.FromMinutes(10),
        CookieSlidingExpiration = true,
    };
}); // closing of the AddIdentityServer call was missing in the pasted snippet
Silent refresh is because you have automaticSilentRenew set to true, per docs:
automaticSilentRenew (boolean, default: false): Flag to indicate if there should be an automatic attempt to renew the access token prior to its expiration. The attempt is made as a result of the accessTokenExpiring event being raised.
If you are looking for an automatic logout, that is not there by design, you need to implement the sign out. Ref.
To force the user to re-login after some time of inactivity, there is no out of the box solution available on oidc-client-js (Ref). What you can do is to:
1. Set automaticSilentRenew to false
2. Implement your own logic to indicate user inactivity and call the signinSilent API manually. Ref
Here are some examples for this approach: IdS4 sample, Okta sample
If you want to force the user to re-login after some time:
1. automaticSilentRenew = false
2. UserSsoLifetime for the client on IDS4 configuration. Ref
UserSsoLifetime: The maximum duration (in seconds) since the last time the user authenticated. Defaults to null. You can adjust the lifetime of a session token to control when and how often a user is required to reenter credentials instead of being silently authenticated, when using a web application.
For example UserSsoLifetime = 10 will force the user to re-authenticate after 10 s of inactivity.
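The first approach in the answer (turn off automaticSilentRenew and drive signinSilent from your own inactivity logic) can be shown as a small inactivity guard. This is an added example, not code from the question, the answer or the oidc-client project. It uses the real oidc-client UserManager methods signinSilent(), removeUser(), signoutRedirect() and events.addAccessTokenExpiring(); the InactivityGuard class, its option names and the injectable clock are assumptions made for this example. With automaticSilentRenew set to false, oidc-client still raises accessTokenExpiring, so the guard renews only when the user was active within the idle limit and otherwise clears the local tokens and ends the IdentityServer session, which is the logout the question was missing.

```javascript
// Added example (not from the page): inactivity-gated silent renew for oidc-client.
// Assumes a UserManager-like object with signinSilent(), removeUser(),
// signoutRedirect() and events.addAccessTokenExpiring(cb). The class,
// option names and the fake manager used in tests are constructed here.

// Idle limit chosen to match the 10 minute cookie lifetime from the question.
const DEFAULT_IDLE_LIMIT_MS = 10 * 60 * 1000;

class InactivityGuard {
  // `now` is injectable so the decision logic can be tested with a fake clock.
  constructor(userManager, { idleLimitMs = DEFAULT_IDLE_LIMIT_MS, now = () => Date.now() } = {}) {
    this.userManager = userManager;
    this.idleLimitMs = idleLimitMs;
    this.now = now;
    this.lastActivity = now();
  }

  // Called from DOM activity events (click, keydown, mousemove, ...).
  recordActivity() {
    this.lastActivity = this.now();
  }

  // Milliseconds since the last recorded user activity.
  idleMs() {
    return this.now() - this.lastActivity;
  }

  // Pure decision: 'renew' while the user is active, 'signout' once idle too long.
  decide() {
    return this.idleMs() < this.idleLimitMs ? 'renew' : 'signout';
  }

  // Handler for the accessTokenExpiring event. Because automaticSilentRenew is
  // false, nothing renews the token unless we call signinSilent() here.
  async onAccessTokenExpiring() {
    const action = this.decide();
    if (action === 'renew') {
      await this.userManager.signinSilent();   // refresh tokens via the hidden iframe
    } else {
      await this.userManager.removeUser();     // drop tokens from the state store
      await this.userManager.signoutRedirect(); // end the IdentityServer session cookie too
    }
    return action;
  }

  // Wire the guard to the browser and to oidc-client. `windowLike` is injectable
  // so the wiring can be exercised without a real DOM.
  attach(windowLike, activityEvents = ['click', 'keydown', 'mousemove', 'scroll', 'touchstart']) {
    const handler = () => this.recordActivity();
    for (const ev of activityEvents) {
      windowLike.addEventListener(ev, handler, { passive: true });
    }
    this.userManager.events.addAccessTokenExpiring(() => {
      this.onAccessTokenExpiring().catch(() => { /* renew failed: next expiry retries */ });
    });
  }
}
```

In the Angular app this would be created once next to the UserManager (`new InactivityGuard(userManager).attach(window)`), with `automaticSilentRenew: false` in idServerSettings. Because signoutRedirect() goes through IdentityServer, the server-side cookie session ends as well; calling removeUser() alone would leave the 10 minute sliding cookie alive and the next login would be silent.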