After 30 days, access token and refresh token will expire, and we will have to renew both before they expire.
So is it possible to have a longer duration for refresh token?
The main advantage of using a refresh token is an ability to acquire a new access token without user interaction (Authorization Code Flow) or user credentials (Resource Owner Password Credentials) and without compromising security.
As of now, customers should keep track of an access token expiration date on their backend side and get a new one using a refresh token before it has expired (e.g. in 25 days).
Please sign in to leave a comment.