The existing refresh token is used to request a new refresh token (and access token).
If the absolute lifetime for the family of refresh tokens is expired the user is forced to authenticate.
From the docs:
- Absolute Lifetime : Set a refresh token or refresh token family lifetime after which the user must re-authenticate before being issued a new access token.
I will have to check on this.
I think this goes back to the previous question, whether or not the Login Session settings supersede the token lifetimes and force logout. I’ll ask the team and get back to you.