In an OIDC compliant flow what is the expected behavior of SSO expiration?
I assume the session expiration is still controlled by the tenant/account settings:
Are there are other rules?
Does the expiration alter between active and inactive sessions?
If have a timeout set for 1 month but I don’t attempt to log into my app for 2 weeks will I be rejected?