Refresh token lifetime

Hi Team,

What is the default timeout of the OKTA refresh timeout?
I have an access_token which expires after 1 hour, and I am using a refresh_token to renew the access_token after 1 hour. I'm just curious: is there any expiry for the refresh_token?

Hi @KD84

If you are using the Okta authorization server (e.g. the authorization endpoint looks like /oauth2/v1/authorize), the refresh token will have a fixed lifetime of 100 days.

If you are using a custom authorization server (e.g. the authorization endpoint looks like /oauth2/${authServer}/v1/authorize), then you can customize the lifetime to any time between 10 minutes and potentially unlimited from the Access Policies inside the authorization server in the Okta administrative panel.


What is the default lifetime of a refresh token for a custom authorization server if I don’t explicitly set it?

I believe it’s shown by default for the authZ server policy as unlimited, but it will expire if not used every 7 days.


@phi1ipp is correct, those are the lifetimes set for the Default Authorization Server. All other custom authorization servers that you create will NOT have an Access Policy/Rule created for you, so there is no default and you must configure this policy/rule for each server explicitly.
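
Added example, not part of the thread and not Okta code: a small model of the two expiry clocks the replies describe (a fixed absolute lifetime, and an "unlimited but must be used every 7 days" idle window), for working out which one ended a refresh token. The class, field and function names are hypothetical, the timestamps are constructed, and it assumes each successful refresh resets the idle clock but never the absolute lifetime.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class RefreshPolicy:
    # Hypothetical field names for this model, not Okta API fields.
    lifetime: Optional[timedelta]      # absolute lifetime; None = unlimited
    idle_window: Optional[timedelta]   # max gap between uses; None = no idle rule


# Values as stated in the thread.
ORG_SERVER = RefreshPolicy(lifetime=timedelta(days=100), idle_window=None)
DEFAULT_CUSTOM_SERVER = RefreshPolicy(lifetime=None, idle_window=timedelta(days=7))


def refresh_token_death(policy: RefreshPolicy, issued_at: datetime,
                        uses: List[datetime], now: datetime
                        ) -> Tuple[Optional[datetime], str]:
    """Return (expired_at, reason) for the first clock that ends the token,
    or (None, "valid") if it is still usable at `now`."""
    hard_stop = issued_at + policy.lifetime if policy.lifetime is not None else None
    last_used = issued_at
    for t in sorted(uses) + [now]:
        idle_stop = (last_used + policy.idle_window
                     if policy.idle_window is not None else None)
        # Any deadline at or before this attempt means the attempt fails.
        hit = [(stop, reason)
               for stop, reason in ((hard_stop, "lifetime"), (idle_stop, "idle_window"))
               if stop is not None and stop <= t]
        if hit:
            return min(hit)
        last_used = t  # successful refresh: idle clock restarts here
    return None, "valid"


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1)  # constructed issuance time
    # Constructed usage: refreshed on days 5 and 11, then an 8-day gap.
    uses = [t0 + timedelta(days=d) for d in (5, 11, 19)]
    print(refresh_token_death(DEFAULT_CUSTOM_SERVER, t0, uses, t0 + timedelta(days=30)))
    # Constructed usage: refreshed every 30 days against the fixed 100-day lifetime.
    uses = [t0 + timedelta(days=d) for d in (30, 60, 90)]
    print(refresh_token_death(ORG_SERVER, t0, uses, t0 + timedelta(days=120)))
```
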
