Feature: Allow Refresh Token Exchange to count as activity for the inactivity timeout
Description:
Per Inactivity Timeout and Refresh Token Exchanges, I understand that refresh token exchanges do not extend a user’s inactivity timeout. We would like the ability to change this. In our case, we would like the ability to set a tenant or application-level setting that permits refresh token exchanges to count towards activity for the inactivity timeout.
Use-case:
We have a native app that frequently exchanges refresh tokens for users who are active in the app. At times, native app features open in a webview, which utilize SSO to transparently sign the user into our website in the webview. Given the token refreshes don’t count towards activity, if the user opens a webview after the inactivity timeout expired (30 days), they’re asked to log in within the webview. This is a bad user experience.