Hi,

I have an OAuth app registry entry with the below configuration. It was created 24-Oct-2019. I would expect the refresh token to expire after 100 days (Refresh Token Life span = 8.640.000) but when I look at the refresh token in oauth_credential table, it says expirery is 17-May-2024. That is more than 4 years after it was created. Can anyone explain how that can happen?
I am not a prof in this area - maybe there is a simple explanation, allthough it is almost impossible to find information about how expire dates are calculated and what to do when it expires.

OAuth app registration:

Accessible from = All application scopes
Access Token Lifespan = 1800
Active = TRUE
Authorization Code Lifespan = 60
Client ID = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Client Secret = **********
OAuth Application UUID = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Default Grant type = Resource Owner Password Credentials
ID Token Lifespan = 86400
Message Signature Lifespan = 60
Mobile Client = FALSE
Name = OmadaClient
Public Client = FALSE
Refresh Token Lifespan = 8640000
Enforce Token Restrictions = FALSE
Disable consent screen = FALSE
Class = Application Registries
Type = OAuth Client
Use mutual authentication = FALSE

Any feedback appreciated 🙂

Regards, Bjarne Engelstock