> IdentityServer allows a choice of behavior on refresh token expiration time. >It can have a absolute expiration time, or use a sliding window.
FWIW, in addition, those can be used together -- sliding & absolute. Finally, refresh tokens can be re-use or one-time use only. These are all per-client settings. -Brock
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth