I’ve configured a single-page application with refresh tokens and refresh token expiration. I am curious to know what would be the best practices for setting the ID token expiration, reuse interval, absolute lifetime and inactivity lifetime.
The short answer is that it is case-dependent. Generally, the ID token expiration has a default expiration of 36000 seconds (10 hours). However, if security is a concern, then you can shorten the time period before the token expires. [Refence doc: ID Tokens]