This article explains the idle refresh token lifetime setting.
- OpenID Connect (OIDC) Applications
- Authorization Code
- Resource Owner Password
On a custom authorization server, the lifetime of the access token and refresh token can be set to a custom value or to no lifetime (unlimited).
Additionally, there is a setting that makes the tokens expire after they have gone unused for a certain period of time.
The expiration window (for the Idle refresh token lifetime) must be between the access token lifetime and the refresh token lifetime and cannot be longer than 1825 days.
In this case, if the refresh token is not used within 30 minutes, it will expire.
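
The rules above can be checked and replayed in a short script. This is an added example, not the product's own code: the function names, the 5-minute access token lifetime and the 90-day refresh token lifetime are assumed values, the bounds are treated as inclusive, and each accepted use is assumed to restart the idle window.

```python
from datetime import datetime, timedelta

MAX_IDLE = timedelta(days=1825)  # upper bound stated in the article

def validate_policy(access_ttl, idle_window, refresh_ttl=None):
    """Return the rule violations; refresh_ttl=None means unlimited."""
    problems = []
    if idle_window < access_ttl:  # bounds treated as inclusive (assumption)
        problems.append("idle window shorter than access token lifetime")
    if refresh_ttl is not None and idle_window > refresh_ttl:
        problems.append("idle window longer than refresh token lifetime")
    if idle_window > MAX_IDLE:
        problems.append("idle window longer than 1825 days")
    return problems

def refresh_outcomes(issued_at, attempts, idle_window, refresh_ttl=None):
    """Replay refresh attempts and return (time, accepted, reason) tuples."""
    last_used, expired, results = issued_at, False, []
    for t in sorted(attempts):
        if expired:
            reason = "token already expired"
        elif refresh_ttl is not None and t - issued_at >= refresh_ttl:
            reason = "refresh token lifetime reached"
        elif t - last_used > idle_window:
            reason = "idle window elapsed"
        else:
            reason = None
            last_used = t  # assumption: each accepted use restarts the idle window
        expired = expired or reason is not None
        results.append((t, reason is None, reason or "ok"))
    return results

if __name__ == "__main__":
    # Constructed sample: 30-minute idle window as in the article; the
    # 5-minute access and 90-day refresh lifetimes are assumed values.
    idle = timedelta(minutes=30)
    print(validate_policy(timedelta(minutes=5), idle, timedelta(days=90)))
    issued = datetime(2024, 1, 1, 9, 0)
    attempts = [issued + timedelta(minutes=m) for m in (20, 45, 80, 85)]
    for t, ok, reason in refresh_outcomes(issued, attempts, idle, timedelta(days=90)):
        print(t.time(), "accepted" if ok else "rejected", reason)
```

In the constructed timeline the refresh attempts at 20 and 45 minutes are accepted, the one at 80 minutes is rejected because 35 minutes passed since the last use, and every later attempt fails even though the 90-day lifetime has not been reached.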
