Refresh token expiration time #1427

Open
parasdaftary opened this issue Oct 2, 2024 · 0 comments

Which version of Duende.AccessTokenManagement are you using?

Duende identity server 6.3.10 (for development)

Which version of .NET are you using?

.NET Core 6.0

Describe the bug

The refresh token expires in approximately one hour; the expected behaviour is that it should be valid for AbsoluteRefreshTokenLifetime, which is 30 days.

Provided client config

AccessTokenLifetime = 3600,
AbsoluteRefreshTokenLifetime = 2592000,
RefreshTokenUsage = TokenUsage.OneTimeOnly,
RefreshTokenExpiration = TokenExpiration.Absolute,
UpdateAccessTokenClaimsOnRefresh = true,

A clear and concise description of what the bug is.

I am not sure if this is a bug or a configuration issue, but when getting a new access token with the refresh token, it gives the error invalid_grant after some time, probably after one hour. The expected behaviour is to get a successful response that includes a new access token, a new expiresIn and a new refreshToken. According to the documentation and the client config, the refresh token should be valid for 30 days. If it is less than one hour, the refresh token is able to get a new access token; if it is more than one hour, it throws an invalid_grant error.

To Reproduce

  1. Generate code using authorization_code grant
  2. Get access token and refresh token using code generated from authorization_code grant
  3. Get a new access token using the refresh_token grant after one hour with the refresh token; it returns the error invalid_grant

Steps to reproduce the behavior.

Expected behavior

The expected behaviour is to get a successful response that includes a new access token, a new expiresIn and a new refreshToken. According to the documentation and the client config, the refresh token should be valid for 30 days.

A clear and concise description of what you expected to happen.

Log output/exception with stacktrace

invalid_grant

data

Additional context

Add any other context about the problem here.

Please let us know if we need to provide more information from our side. Please let us know application changes if needed.
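Added example, not part of the original report and not Duende IdentityServer code: a simplified in-memory model of how a token endpoint treats a refresh token under the posted settings (`OneTimeOnly` usage, `Absolute` expiration), useful for telling an expired token apart from a reused, already-rotated handle when both surface as `invalid_grant`. The class, the `reason` field and the timeline are assumptions made for illustration; the model assumes a consumed handle is always rejected and that rotation keeps the original creation time.

```python
import secrets
from dataclasses import dataclass

# Values from the client config posted above (seconds).
ACCESS_TOKEN_LIFETIME = 3600
ABSOLUTE_REFRESH_TOKEN_LIFETIME = 2592000  # 30 days


@dataclass
class Grant:
    created: int            # issuance time of the original refresh token
    consumed: bool = False  # set once the handle has been redeemed


class ModelTokenEndpoint:
    """Toy model for illustration only (hypothetical, not the server's code)."""

    def __init__(self):
        self.grants = {}    # refresh token handle -> Grant

    def issue(self, now):
        handle = secrets.token_urlsafe(16)
        self.grants[handle] = Grant(created=now)
        return handle

    def refresh(self, handle, now):
        # "reason" exists only in this model; a real response carries just the error.
        grant = self.grants.get(handle)
        if grant is None:
            return {"error": "invalid_grant", "reason": "unknown handle"}
        if grant.consumed:
            # OneTimeOnly: a handle that was already redeemed is rejected.
            return {"error": "invalid_grant", "reason": "handle already used"}
        if now >= grant.created + ABSOLUTE_REFRESH_TOKEN_LIFETIME:
            return {"error": "invalid_grant", "reason": "absolute lifetime exceeded"}
        grant.consumed = True
        new_handle = secrets.token_urlsafe(16)
        # Absolute expiration: rotation does not extend the original lifetime.
        self.grants[new_handle] = Grant(created=grant.created)
        return {"expires_in": ACCESS_TOKEN_LIFETIME, "refresh_token": new_handle}


def walk_through():
    """Constructed timeline: refresh at 30 min, two attempts at 61 min, one on day 31."""
    ep = ModelTokenEndpoint()
    rt0 = ep.issue(now=0)
    first = ep.refresh(rt0, now=1800)
    replay = ep.refresh(rt0, now=3660)                       # old handle sent again
    rotated = ep.refresh(first["refresh_token"], now=3660)   # newest handle
    late = ep.refresh(rotated["refresh_token"], now=31 * 86400)
    return first, replay, rotated, late
```

In this model the newest handle still works after the one-hour mark, while the handle that was already redeemed does not; logging which handle a client sends on each refresh shows which case applies.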
