Allow any expiration timeout for Portal refresh tokens, including no timeout

Idea created by jeremy.bridges on Feb 14, 2020
    New
    Score0

    We have many customers who like to have their users login once and never have to re-login. The secure OAuth workflow that continually generates auth tokens from a never-expiring refresh token is a reasonable security risk to them. Please allow the admin to set a refresh token expiration timeout that is whatever the organization desires, including disabling the timeout. Related documentation:

     

    Specify the default token expiration time—Portal for ArcGIS (10.8) | Documentation for ArcGIS Enterprise