vagu1 (vagu1) asked a question.
Default authorization server, access token and refresh token lifetime
I'm using default authorization server. I've also added access policies and rules that define access token lifetime (let's say 2 hours). I've also assigned the policy to the client application. But when I login, my access token shows 1 hour expiry and refresh token shows 3 months expiry. I've also changed default policy rule for access token and refresh token lifetime but no change in result. What am I missing here?
@vagu1 (vagu1)
From my understanding the Refresh token should have 2 values. Current token lifetime and maximum lifetime. See the following for a detailed explanation:
https://support.okta.com/help/s/article/access-token-and-refresh-token-lifetime?language=en_US
As for the access token. The default policy rule is 1 hour if it has never been modified. If you created a non-default policy or policy rule are you sure the conditions are being met for it to be applied?