I am using JWT Grant to exchange a JWT token generated by an external Identity Provider for a WSO2 access token.
The client that will do this is a public browser so I don't want to have a refresh_token. Is there way to configure WSO2 API Manager so that it doesn't generate a refresh_token?