I have a React SPA that uses Okta with the “refresh token rotation” feature enabled. Despite the current configuration (refresh token set to unlimited, but expires after 7 days), when the user authenticates, the expiration of the refresh token is the same as the access token expiration (set to 1 hour in my case).
This results in users being disconnected as they can go idle and come back after the access token is expired. Usually the refresh token would be used to regenerate an access token, but in my case the refresh token expires at the same time, resulting in the user logging out.
Is there any reason why the refresh token has the same expiration as the access token? How can I configure my application such that the refresh token has the correct expiration?