SessionInactivityTimeOut not redirecting to OP

[JonEasy]

I have a SPA that delivered the authentication to pen_auth_openidc module. My configuratoin is the following

OIDCProviderMetadataURL https://welll-known/openid-configuration
OIDCRedirectURI https://mydomain/callback
OIDCScope "openid profile"
OIDCClientID CLIENT_ID
OIDCClientSecret secret
OIDCCryptoPassphrase "tA!2bC&4dEfGhI6jKlMnOpQrStRRRRRR"
OIDCProviderTokenEndpointAuth client_secret_post
OIDCSessionType client-cookie
OIDCSessionInactivityTimeout 3600

However after 1 hour when I inspect the network tab on my inspection tool in Chrome I see
Failed to load resource: the server responded with a status of 401 (Unauthorized)

While looking at the logs from apache I see
Get the error
[Tue Feb 06 13:38:52.504250 2024] [auth_openidc:warn] [pid 393:tid 140243701331520] [client ::1:36400] oidc_session_extract: session restored from cache has expired

While reading the documentation it specifies that that "OIDCUnAuthAction" is set to auth by default but I never get redirected to my OP. Why is that ?

[zandbelt]

for an SPA only top-level windows would (and should) be redirected, see: https://github.com/OpenIDC/mod_auth_openidc/wiki/Sessions-and-Timeouts#single-page-applications

[JonEasy]

So if I am under /api/employees and this page is displaying the employees from backend ( on a 2 min basis update). AFter 1 hour of inactivity I can not get more employees since I get 401 error. How I should handle that with he module then ?

[zandbelt]

as written in the link

[JonEasy]

The documents says "In case a timeout occurs, a 401 is returned to the SPA. This behaviour can be configured with OIDCUnAuthAction. Upon receiving the 401, the SPA should reload the application by refreshing the parent window, after which an authentication roundtrip will occur and a new session with new tokens is created."
OIDCUnAuthAction is not doing anything.