Changing the Duration of Access Tokens and Refresh Tokens and Their Behavior

What happens to already issued access tokens and refresh tokens when their durations are changed?

  • Do already issued tokens become invalidated?
  • Does the duration of already issued tokens remain as it was before the change, or is the new duration applied?

Hi @kito.hirokazu , thank you for posting your questions!

An already issued ID and Access token will be valid for the period they were originally issued for. There is no automate way to invalidate them thus there would be a need to actively logged users out. Revoke Tokens

In case of refresh tokens, the expiry time will also be as initially set, but you can revoke them (once revoked, they will be invalidated). Revoke Refresh Tokens

I remain available in case of follow-up questions!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.