We have tried to set the RefreshTokenValidityPeriod in the identity.xml as -1 to make the refresh token valid forever. But the refresh token was expired immediately when it was set to -1. We are using wso2 API manager 2.1.0 and deployed with docker.
You can't do that. But, if you're fine with the security risk of having a non-expiring refresh token, you can have a non-expiring access token, instead. Both the advantage and risk are the same in 2.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.OkRead more
