What's the validity of refresh_token #72

janshermarri · 2022-09-07T00:24:23Z

janshermarri
Sep 7, 2022

Can anyone please tell for how long the refresh_token is valid before it expires? Thanks.

Sep 7, 2022

Hi @janshermarri, welcome to Fief 👋

The refresh_token is valid for 30 days. If you self-host your Fief instance, you can customize this parameter using the REFRESH_TOKEN_LIFETIME_SECONDS environment variable.

Bear in mind though that when you use the refresh token to get a fresh access token, you also get a new refresh token, that you should save for the future. The previous one is invalidated, you can use it only once. This is what is usually called refresh token rotation.

View full answer

frankie567 · 2022-09-07T06:36:34Z

frankie567
Sep 7, 2022
Maintainer

Hi @janshermarri, welcome to Fief 👋

The refresh_token is valid for 30 days. If you self-host your Fief instance, you can customize this parameter using the REFRESH_TOKEN_LIFETIME_SECONDS environment variable.

Bear in mind though that when you use the refresh token to get a fresh access token, you also get a new refresh token, that you should save for the future. The previous one is invalidated, you can use it only once. This is what is usually called refresh token rotation.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fief

What's the validity of refresh_token #72

{{title}}

Replies: 1 comment

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

Fief

What's the validity of refresh_token #72

janshermarri Sep 7, 2022

Replies: 1 comment

frankie567 Sep 7, 2022 Maintainer

janshermarri
Sep 7, 2022

frankie567
Sep 7, 2022
Maintainer