I am using refresh token for login in my app. I exactly want expiry time of refresh token in response so that I can notify user in app about the refresh token expiry. This will help user to saved the changes before logging again for new refresh token. I am currently using Refresh Token Rotation.
Can someone please help in this case, like how can I get the refresh token expiry time ?
Thanks for your response @tyf .
Is there any way to calculate or get expiry time of refresh token? As this will be beneficial for me as I shared the scenario of logout with actually requires refresh token expiry.
This is somehow not possible from client side to calculate as the user may close the browser which will hence create issue for calculating expiring time after login. Also this is not the ideal approach that must be followed.
I am unfortunately not aware of any way to calculate the expiry time of the refresh token other than knowing the absolute expiration time when a new token is issued.
@tyf I got a question regarding absolute expiration time.
Let say I have logged in today and a new refresh token is generated . I closed the browser and logged in again after 4-5 hours . I know this will generate new token but will the absolute expiration time of refresh token be based on first token generation or will it gets updated every time new refresh token is generated ?
Also What if I disabled the refresh token rotation will the new refresh token inherit the absolute lifetime of the older one or it will have its own absolute lifetime as it is single generated refresh token?
The absolute expiration of the rotating refresh token is set on creation and is not changed through exchange.
If you turn refresh token rotation off, any new refresh tokens returned will not inherent the absolute expiration as they are outside of the previous “family” of refresh tokens. They will instead have their own absolute expiration.