I am getting both access_token and refresh_token for oauth call.
Is there any documented life span for both the tokens generated?
What is the longevity of access_token and refresh_token? Can this be configurable?
Is there some way I configure the oauth call not to generate refresh_token? I have seen in other oauth servers that we can only get access_token and avoid refresh_token being generated.
How can I do here?