In much the same way that you could modify the expiration of the the
id_token using the
It would be great to allow control of
access_token expiration for
OIDC compliant flows in rules and hooks.
For governance and control reasons I would probably expect the expiration values set on the API to represent the maximum expiration value allowed.