Is it possible to have refresh token rotation with sliding expiry?

Hi
Greetings!
Is it possible to have Refresh tokens with Sliding expiry?
If the Refresh Token Rotation is enabled, Absolute lifetime becomes mandatory.
It can’t be turned off. The user will be asked to sign in when the configured lifetime is reached.
Additional references:
(1) Refresh token expiry cases - Auth0 Community
(2) Configure Refresh Token Expiration (auth0.com)

Thanks, Selva

Hi there @Selva!

Unfortunately, there is no way to completely avoid the Absolute Lifetime requirement if you are using Refresh Token Rotation. The system is designed this way for enhanced security, to limit the potential misuse of long-lived tokens. You can always configure a relatively long absolute lifetime, but it will always be in place when rotation is enabled.

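An added example, not part of the thread and not Auth0's implementation: a simplified Python model of a rotating refresh-token family in which the inactivity (sliding) deadline moves forward on every exchange while the absolute deadline stays fixed at first sign-in. The class, function and reason names are hypothetical, and the model assumes the absolute lifetime applies to the whole token family rather than to each rotated token.

```python
import secrets
from dataclasses import dataclass

DAY = 86400  # seconds

@dataclass
class Family:
    absolute_deadline: float  # fixed at first sign-in, never extended
    idle_deadline: float      # slides forward on every successful exchange
    current: str              # the only token value that is still valid

class RotatingRefreshStore:
    """Simplified model: rotation with idle and absolute lifetimes (seconds)."""

    def __init__(self, idle_lifetime, absolute_lifetime):
        self.idle = idle_lifetime
        self.absolute = absolute_lifetime
        self.families = {}  # current token value -> Family

    def sign_in(self, now):
        fam = Family(now + self.absolute, now + self.idle, secrets.token_urlsafe(32))
        self.families[fam.current] = fam
        return fam.current

    def exchange(self, token, now):
        """Return (new_token, None) on success or (None, reason) on failure."""
        fam = self.families.pop(token, None)  # a presented token is single-use
        if fam is None:
            return None, "unknown_or_rotated"
        if now >= fam.absolute_deadline:
            return None, "absolute_lifetime_reached"
        if now >= fam.idle_deadline:
            return None, "idle_lifetime_reached"
        fam.current = secrets.token_urlsafe(32)
        # The sliding window never extends past the absolute cap.
        fam.idle_deadline = min(now + self.idle, fam.absolute_deadline)
        self.families[fam.current] = fam
        return fam.current, None

def simulate(idle, absolute, step, horizon):
    """Refresh every `step` seconds; return (time, reason) of the first failure."""
    store = RotatingRefreshStore(idle, absolute)
    token, now = store.sign_in(0), 0
    while now < horizon:
        now += step
        token, reason = store.exchange(token, now)
        if reason:
            return now, reason
    return None, None
```

With a 7-day idle lifetime and a 30-day absolute lifetime, a client that refreshes daily is still sent back to sign-in at day 30, while one that refreshes only every 10 days fails earlier on the idle lifetime.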
