Token expirations per client #2664
-
|
Hello! 👋 is there any way to set the token expirations per client instead of globally? Ideally it would be nice to set the token expirations when accepting the login request/consent request, since it would allow us to run arbitrary decision logic to determine an appropriate token expiration Looking at the docs, this does not currently seem possible. To understand the use-case consider the following: A project has 2 applications (different OIDC clients), one managing very sensitive data and one managing novelty data/low-sensitivity data. In this use-case, it would make sense to have very long token expirations on the refresh_token for the low-sensitivity application and very short token expirations for the high sensitivity client Thanks in advance and thanks for developing an amazing project! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
I think your question might be answered by #1529 😉 |
Beta Was this translation helpful? Give feedback.
-
|
Perfect, thanks! I'll read up on the issue |
Beta Was this translation helpful? Give feedback.
I think your question might be answered by #1529 😉