Allow duration of refresh tokens to be customised
Currently refresh tokens have a maximum lifespan of 90 days. In an app setting, if the user hasn't interacted with the app for 90 days they will need to re-authenticate using MFA (despite the access token being set at 365 days). Being able to customise the refresh token validity and keep it consistent with the access token would ensure users are not challenged by MFA unnecessarily.
4 votes
