I’ve seen lots of discussion about machine-to-machine token lifetimes, but it essentially boils down to: shorter lifetime = more secure but more cost (because more tokens), longer lifetime = less secure (which may be OK for less sensitive app data) but less cost (because fewer tokens).
However someone asked me: what if your main focus is on authentication availability. While Okta’s 99.99% SLA (and better actual performance) means we expect very little unavailability, is it as simple as saying that if availability is more important than security then make your M2M token lifetime, say, 2 hr (which is twice as long as the SLA outage time)?
Any other thoughts?