Allow any expiration timeout for Portal refresh tokens, including no timeout

02-14-2020 02:01 PM
Status: Open
New Contributor III

We have many customers who like to have their users login once and never have to re-login. The secure OAuth workflow that continually generates auth tokens from a never-expiring refresh token is a reasonable security risk to them. Please allow the admin to set a refresh token expiration timeout that is whatever the organization desires, including disabling the timeout. Related documentation:

Specify the default token expiration time—Portal for ArcGIS (10.8) | Documentation for ArcGIS Enterp... 

Tags (2)