I understand that there is no single standard suitable for all cases, but can there be at least approximate figures expiration time for access_token and refresh_token respectively? Mostly interested in the context of an online store.
- What exactly is this token used for? - Mikhail Vaysman
- @MikhailVaysman access_token is used to gain access to resources for which authorization is necessary (in fact, roles are stored in it, etc.) refresh_token is used to obtain new access_token - Nikita Kragel
- I mean for exactly which operations? How much do these operations depend on time? - Mikhail Vaysman
- @MikhailVaysman, all operations at the moment are quite trivial (this is an online store), so they don’t particularly depend on time - Nikita Kragel
- Then, in principle, you can have any lifetime for the token. Since nothing depends on you. - Mikhail Vaysman
|