Change the Org Authorization Server Policy/Rules

Is there a way to change the policies/rules applied to the org level authorization server? I haven’t been able to find a way to modify the access token lifetime (set to 1 hour by default) or refresh token lifetimes. Specifically, the endpoint I am referring to is <tenant>/oauth2/v1/token


The Org Authorization Server does not support the customizations you are referring to. These options (to create Access Policies and Rules, as well as custom Scopes and Claims) are only available for Custom Authorization Servers. The Org Authorization Server will only issue Access and ID tokens with a 1 hour lifetime.


Okay, thanks. Do you know if a refresh token is supported? Is there any documentation on the policies/rules that are applied to the authz server?

Yup, Refresh Tokens are supported by the Org Authorization Server (though currently they are not available for OIN integrations). Their lifetime will also be fixed at 90 days.

This is the main guide we have about how to configure these Access Policies/Rules, Create an authorization server | Okta Developer, but let me know if you have a question about something not covered in here.

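An added example, not part of the thread and not Okta's code: a small audit helper that tells from the token endpoint whether a token came from the org authorization server (fixed lifetime, per the answers above) or a custom one, and reads the lifetime actually stamped into the token. The custom-server path layout `/oauth2/<id>/v1/token`, the host `tenant.example`, and the sample token are assumptions constructed for the demo.

```python
import base64
import json
import re
from urllib.parse import urlparse

ORG_TOKEN_PATH = "/oauth2/v1/token"  # org-level endpoint named in the thread
# Assumed layout for custom authorization servers: /oauth2/<server id>/v1/token
CUSTOM_TOKEN_PATH = re.compile(r"^/oauth2/([^/]+)/v1/token$")
ORG_TOKEN_LIFETIME = 3600  # 1 hour, fixed for the org server per the thread


def classify_token_endpoint(url):
    """Return ("org", None) or ("custom", server_id) for a token endpoint URL."""
    path = urlparse(url).path.rstrip("/")
    if path == ORG_TOKEN_PATH:
        return ("org", None)
    match = CUSTOM_TOKEN_PATH.match(path)
    if match:
        return ("custom", match.group(1))
    raise ValueError(f"not a recognised token endpoint: {url}")


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(endpoint_url, token):
    """Report the observed lifetime and whether policy rules could change it."""
    kind, server_id = classify_token_endpoint(endpoint_url)
    claims = jwt_claims(token)
    lifetime = claims["exp"] - claims["iat"]
    return {
        "server": kind,
        "server_id": server_id,
        "lifetime_seconds": lifetime,
        # Access policies/rules exist only on custom servers (per the thread).
        "lifetime_configurable": kind == "custom",
        "matches_org_default": kind == "org" and lifetime == ORG_TOKEN_LIFETIME,
    }


def make_sample_jwt(iat, lifetime):
    """Constructed, unsigned sample token used only for the demo."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"iat": iat, "exp": iat + lifetime}), "sig"])


if __name__ == "__main__":
    print(audit_token("https://tenant.example/oauth2/v1/token", make_sample_jwt(1700000000, 3600)))
```

The payload is decoded without signature verification, so the result is suitable for checking configuration, not for making authorization decisions.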