SAML Assertion Based Refresh token incorrect expiry

Hi Team,

We are generating an access token and a refresh token via SAML assertion. Both of the tokens generated are 10 mins, while the authorization server policy we have set is for long intervals (access expiry in hours and refresh token expiry in months). We tried a workaround by refreshing the generated SAML tokens to get the desired tokens, but it messes up the expiry (access token in hours, which is correct, but refresh still 10 minutes). Could anyone kindly help ASAP?


From "Implement authorization by grant type | Okta Developer":

Note: The refresh token lifetime depends on the assertion lifetime and the API Access Management policies. The lowest of these defined values is the refresh token max lifetime.

The access_token expiry will also be based off of the SAML NotOnOrAfter attribute.
If this value is 10 minutes from the time the Assertion is created by the IdP and authorization server policy access_token lifetime is 2 hours, then 10 minutes will be used.

If needed, you can modify the expiration time of a token with an inline token hook.

Thank You,
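
To check which value is capping the tokens, the "lowest value wins" rule from the reply above can be reproduced offline. This is an added example, not Okta's code and not part of the original posts; the sample assertion is constructed, the function names are hypothetical, and it assumes the earliest `NotOnOrAfter` in the assertion, measured from the time of the token request, is the bound.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Constructed sample assertion (unsigned, illustration only): expires 10 minutes after issue.
SAMPLE_XML = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="id-constructed" IssueInstant="2024-05-01T12:00:00.000Z" Version="2.0">
  <saml2:Subject>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData NotOnOrAfter="2024-05-01T12:10:00.000Z"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions NotBefore="2024-05-01T11:55:00.000Z"
                    NotOnOrAfter="2024-05-01T12:10:00.000Z"/>
</saml2:Assertion>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def assertion_expiry(assertion_b64):
    """Return the earliest NotOnOrAfter found anywhere in the assertion (UTC)."""
    padded = assertion_b64 + "=" * (-len(assertion_b64) % 4)
    xml_bytes = base64.b64decode(padded, altchars=b"-_")  # base64 or base64url
    # ElementTree is fine for an assertion from your own IdP; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_bytes)
    stamps = [
        datetime.fromisoformat(el.attrib["NotOnOrAfter"].replace("Z", "+00:00"))
        for el in root.iter()
        if "NotOnOrAfter" in el.attrib
    ]
    if not stamps:
        raise ValueError("assertion carries no NotOnOrAfter")
    return min(stamps)


def effective_lifetimes(assertion_b64, now, access_policy, refresh_policy):
    """Cap each policy lifetime by the time the assertion has left at 'now'."""
    remaining = assertion_expiry(assertion_b64) - now
    if remaining <= timedelta(0):
        raise ValueError("assertion already expired")
    return {"access_token": min(access_policy, remaining),
            "refresh_token": min(refresh_policy, remaining)}


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    print(effective_lifetimes(SAMPLE_B64, now, timedelta(hours=2), timedelta(days=90)))
```

With a 2-hour access policy and a 90-day refresh policy, the constructed 10-minute assertion yields 10 minutes for both tokens, which matches the behaviour described in the question.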