Refresh Token does not expires.

[aghatt]

Required Terms

• [X] I agree to follow this project's Code of Conduct
• [X] I have read and accept the Salesforce Program Agreement

What service(s) is this request for?

All services using Oauth

Tell us about what you're trying to solve. What challenges are you facing?

For Add-on to communicate its clients they need an Oauth token which expires in 8 hrs. In order to renew the token a refresher token is required to be submitted to get the oauth token. This refresher token never expires. Both the tokens should have a expiry in order to improve the security posture of this Oauth based authorization.

[friism]

Thanks for opening this - this is something we were already looking at improving. We may end up adopting some of the measures that Salesforce has: https://help.salesforce.com/s/articleView?id=sf.connected_app_manage_oauth.htm&type=5