Since access tokens have finite lifetimes, refresh tokens allow requesting new access tokens without user interaction.
Refresh tokens are supported for the following flows: authorization code, hybrid and resource owner password credential flow.
The clients needs to be explicitly authorized to request refresh tokens by setting
Additional client settings¶
- Maximum lifetime of a refresh token in seconds. Defaults to 2592000 seconds / 30 days. Zero allows refresh tokens that, when used with
RefreshTokenExpiration = Slidingonly expire after the SlidingRefreshTokenLifetime is passed.
- Sliding lifetime of a refresh token in seconds. Defaults to 1296000 seconds / 15 days
ReUsethe refresh token handle will stay the same when refreshing tokens
OneTimethe refresh token handle will be updated when refreshing tokens
Absolutethe refresh token will expire on a fixed point in time (specified by the AbsoluteRefreshTokenLifetime)
Slidingwhen refreshing the token, the lifetime of the refresh token will be renewed (by the amount specified in SlidingRefreshTokenLifetime). The lifetime will not exceed AbsoluteRefreshTokenLifetime.
- Gets or sets a value indicating whether the access token (and its claims) should be updated on a refresh token request.