[OPENAM-5477] Add configuration to allow OAuth2 Refresh Tokens to never expire Created: 02/Feb/15 Updated: 20/Nov/16 Resolved: 23/Sep/15
|Affects Version/s:||12.0.0, 13.0.0|
|Labels:||CustomerRFE, Tesla, release-notes|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Support Ticket IDs:|
The OAuth2 specification is vague in this area only saying refresh tokens should be "long-lived", we currently offer the ability to set the expiry timeout of refresh tokens so it can be configured to what the deployment deems as "long-lived" but in some cases (backend asynchronous process on behalf of the user) having refresh tokens never expire unless explicitly revoked would be useful.
|Comment by Andy Hall [ 23/Sep/15 ]|
Fixed by work in other JIRA ticket.