according to https://auth0.com/docs/tokens/refresh-token/current refresh tokens never expire.
Since Refresh Tokens never expire, it is essential to be able to revoke them in case they get compromised.
Nevertheless when i decode the refresh token I’m getting from auth0, i see an ‘exp’ attribute. The lifetime is just a few thousand seconds. So whats the ‘exp’ for, if refresh tokens never expire in the first place?