[OPENAM-5477] Add configuration to allow OAuth2 Refresh Tokens to never expire Created: 02/Feb/15  Updated: 20/Nov/16  Resolved: 23/Sep/15

Status: Resolved
Project: OpenAM
Component/s: oauth2
Affects Version/s: 12.0.0, 13.0.0
Fix Version/s: 13.0.0

Type: Improvement Priority: Major
Reporter: Phill Cunnington Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: CustomerRFE, Tesla, release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Support Ticket IDs:


The OAuth2 specification is vague in this area only saying refresh tokens should be "long-lived", we currently offer the ability to set the expiry timeout of refresh tokens so it can be configured to what the deployment deems as "long-lived" but in some cases (backend asynchronous process on behalf of the user) having refresh tokens never expire unless explicitly revoked would be useful.

Comment by Andy Hall [ 23/Sep/15 ]

Fixed by work in other JIRA ticket.

Generated at Sat Oct 31 01:37:54 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.