Can you get the remaining absolute time for a rotating refresh token?

Hi folks,

Is it possible to get the remaining absolute time for a rotating refresh token.

For example if I have rotating refresh tokens with an inactivity timeout of 86400 seconds (1 day) and an absolute timeout of 432000 seconds (5 days), my understanding is that if a user logs in at 10am on Monday and uses the application every day, the refresh token will be rotated up until 10am on Saturday, at which point they’d have to log in again when they next need to refresh their access token.

My concern is that it may happen while they’re actively using the application, so maybe they’re using it at 9:55am on the Saturday, and when the time ticks over to 10am they’ll suddenly be logged out. If I can get the refresh token’s absolute expiry time I can give them a warning, or force them to log in again at a suitable point.

Hi @sgsabbage

I don’t believe this is possible, at least now.

Remember the access token will still be valid even if the refresh token expires (until the access token expires) so the abrupt scenario you are talking about isn’t as likely as you might think.

John

1 Like