Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-5477

Add configuration to allow OAuth2 Refresh Tokens to never expire

    Details

    • Support Ticket IDs:

      Description

      The OAuth2 specification is vague in this area only saying refresh tokens should be "long-lived", we currently offer the ability to set the expiry timeout of refresh tokens so it can be configured to what the deployment deems as "long-lived" but in some cases (backend asynchronous process on behalf of the user) having refresh tokens never expire unless explicitly revoked would be useful.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              phillcunnington Phill Cunnington
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: