Simple question – but one for which I couldn’t see the answer in any docs or threads.
We currently have refresh token rotation enabled. However, I would like to turn it off, as the security benefits are not so significant in our use case, and we don’t want to require users to internally manage and renew a long-lived token every 6 months.
I want to understand if disabling it will affect current tokens – i.e. will existing refresh tokens be invalidated or face issues (other than their existing expiry being in force).
We have production users using these for automated API queries so I need to be sure of this before toggling it off… and it’s just not clear anywhere if switching from enabled > disabled has such consequences.