Hi Team,
What is the default timeout of the Okta refresh timeout?
I have an access_token which expires after 1 hour and am using a refresh_token to renew the access_token after 1 hour. Though I'm just curious: is there any expiry of the refresh_token?
Hi @KD84
If you are using the Okta authorization server (e.g. the authorization endpoint looks like /oauth2/v1/authorize), the refresh token will have a fixed lifetime of 100 days.
If you are using a custom authorization server (e.g. the authorization endpoint looks like /oauth2/${authServer}/v1/authorize), then you can customize the lifetime to any time between 10 minutes and potentially unlimited from the Access Policies inside the authorization server in the Okta administrative panel.
What is the default lifetime of the refresh token for a custom authorization server if I don’t explicitly set it?
I believe it’s shown by default for the authZ server policy as unlimited, but it will expire if not used every 7 days.
@phi1ipp is correct, those are the lifetimes set for the Default Authorization Server. All other custom authorization servers that you create will NOT have an Access Policy/Rule created for you, so there is no default and you must configure this policy/rule for each server explicitly.