This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Community Hub Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

how long does a refresh token last?

someguy
Mt. Kenya

‎05-23-2023 09:50 AM

I'm storing the refresh token for my session in a database and updating it everytime I update the access token. But the other day, my application was down for 60 hours and I was surprised to see that the refresh token still worked.

How long does it last?

Doesn't it defeat the whole purpose of having oauth2 in place if the refresh token can be stored this long?

0 Kudos
1 REPLY 1

Kirk
Shkhara

‎05-23-2023 10:02 AM

There is no refresh_token reported life here , other than you "might" get a new one when you get a new access token. There is no standard per/se of how long a refresh token should last, we've seen forever as one option for other apps. It would stink if your app didn't run for 60 hours (which is very possible in a Zap's case), and then it could not run as you couldn't get a new token.

Another example: Microsoft's refresh token can last up to 90 days: https://learn.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens.

Ready, Get Set, Go!

Welcome to the Community - here is your guide to help you get started!


Know how to use Community


Understand Community Settings

Copyright © 2023 Khoros, LLC