I left out Okta <https://developer.okta.com/docs/guides/refresh-tokens/overview/>(how could I?) - it supports a refresh token expiration, but I couldn't find doc on the details.
On Sun, Jul 21, 2019 at 10:44 AM Brock Allen <brockal...@gmail.com> wrote: > > IdentityServer allows a choice of behavior on refresh token expiration > time. It can have a absolute expiration time, or use a sliding window. > > FWIW, in addition, those can be used together -- sliding & absolute. > Finally, refresh tokens can be re-use or one-time use only. These are all > per-client settings. > > -Brock > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
