What scope parameter value should we use for the Authorization Code endpoint to ensure that the refresh token never expires? Currently, we have set the scope to "signature extended," but the refresh token still expires after 30 days.
What scope parameter value should we use for the Authorization Code endpoint to ensure that the refresh token never expires? Currently, we have set the scope to "signature extended," but the refresh token still expires after 30 days.
It is not possible so have a refresh token that never expires due to security reasons. The default value is 30 days as you correctly stated. With the “extended” scope, you can increase the value by additional 30 days.
In addition to what Michael said, to avail the “extended” scope you need to use the refresh token at least once in these 30 days in order to extend the expiry for another 30 days. If the refresh token is not used in 30 days it will still expire and you will need to go through the whole process of generating a new refresh and access token.
The easiest way to think of this is that, if you specify the extended scope, every time a refresh token is used, its life will be extended by 30 days.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.