...
Note |
---|
Important: You can combine the absolute expiration period with the sliding expiration period. The absolute expiration serves as a hard limit on the token's total lifetime. This means that the sliding mechanism can extend the token's lifetime only as long as it doesn't exceed the absolute expiration period. |
Note |
---|
Important: The client needs to be explicitly authorized to request refresh tokens by setting |
Scenarios
E-Government: An example might be a user filling out a tax form. In this case, security is of high importance. The following settings might be helpful: Absolute for 4 hours and Sliding for 1 hour. In this case, requesting a new refresh and access token can be done 4 times, as the absolute expiration is set for 4 hours and the sliding setting is set for 1 hour.
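
How the two limits interact in this scenario, as an added example that is not part of the original documentation. It is a small Python model that assumes each successful refresh restarts the sliding window and that the window is capped at the absolute limit counted from first issuance. The function name `simulate` and the sample timelines are constructed for illustration.

```python
from datetime import timedelta

ABSOLUTE = timedelta(hours=4)   # hard limit from the scenario above
SLIDING = timedelta(hours=1)    # extension granted on each refresh


def simulate(refresh_minutes, absolute=ABSOLUTE, sliding=SLIDING):
    """Replay refresh attempts given as minutes after first issuance.

    Returns one entry per attempt: the new expiry in minutes after
    issuance, or None if the attempt is rejected because the refresh
    token has already expired. Assumed model, not any product's code.
    """
    hard_limit = absolute
    expires = min(sliding, hard_limit)   # initial sliding window
    results = []
    for minute in refresh_minutes:
        now = timedelta(minutes=minute)
        if now >= expires:
            results.append(None)         # expired: the user must sign in again
            continue
        # Slide the window forward, but never past the absolute limit.
        expires = min(now + sliding, hard_limit)
        results.append(int(expires.total_seconds() // 60))
    return results


if __name__ == "__main__":
    # Constructed timelines, in minutes after issuance.
    active = [50, 100, 150, 200, 250]   # client refreshes every 50 minutes
    idle = [50, 120]                    # 70-minute gap after the first refresh
    print("active:", simulate(active))
    print("idle:  ", simulate(idle))
```

In the active timeline the fourth refresh is capped at minute 240 by the absolute limit and the attempt at minute 250 is rejected; in the idle timeline the sliding limit alone ends the session after one hour of inactivity.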
...