
8yv0o (8yv0o) asked a question.
hello,
we have a test user we want to be able to send an authorized request.
until now, we used a const refresh token to get an access token.
since we moved to the passwordless mechanism, the refresh token expires after a short time even though it has an unlimited lifetime on the access policy.
any help will be appreciated

Hi @8yv0o (8yv0o) , Thank you for reaching out to the Okta Community!
According to our docs, the Lifetime should be Unlimited by default, but it's expected for it to expire if unused for 7 days.
That being said, the Access Policies allow the use of multiple rules, so check that the rule you are expecting to apply has the Proper Priority in the list. The same applies to the Access Policies priority if you have more than one. (Okta Admin Dashboard→ Security→ API→ desired Authorization Server→ Access Policies)
Hope it helps!
hey @Mihai Negoita - Okta (Okta, Inc.) , do you maybe have an answer?
thank you, noam
If the basic settings are ok, then my advice would be to open a case so that a Technical Support Engineer can take an in depth look at what is going on.
Hi @Mihai Negoita - Okta (Okta, Inc.), thank you for your answer
as you can see we have a single policy:
thank you, noam