Refresh token lifetime

Hi Team,

What is the default timeout of the OKTA refresh timeout?
I have an access_token which expires after 1 hour, and I am using a refresh_token to renew the access_token after 1 hour. Though, just curious: is there any expiry of the refresh_token?

Hi @KD84

If you are using the Okta authorization server (e.g. the authorization endpoint looks like /oauth2/v1/authorize), the refresh token will have a fixed lifetime of 100 days.

If you are using a custom authorization server (e.g. the authorization endpoint looks like /oauth2/${authServer}/v1/authorize), then you can customize the lifetime to any time between 10 minutes and potentially unlimited from the Access Policies inside the authorization server in the Okta administrative panel.
