I read here that Refresh token lifetime should be short, so I was just looking for guidance on what to set it to? What’s the most secure lifetime? I am building a ReactJS app.
@ReturnOfTheMac You can set it to something like 10 mins. But you need to follow the setup rules below.
Thanks. Any advice on what the window should be? The link says “When you use a refresh token with a SPA, make sure that you keep a short refresh token lifetime for better security.” But if I set the refresh token lifetime to 10 minutes, that means the window lifetime is in between that, so not ideal for the user.
@ReturnOfTheMac Then you can try a refresh token time like 15 mins.
So the user has to sign in if inactive for 15 minutes? Wouldn’t that be annoying?