Long Lived Refresh Tokens

Is there an option to not issue a new refresh token each time an access token is refreshed?

As outlined in RFC6749:

The authorization server MAY issue a new refresh token, in which case the client MUST discard the old refresh token and replace it with the new refresh token.

Currently, each time I refresh an access token I’m given a new refresh token and new access token. I’d like to keep the same refresh token in use until it is manually revoked. Is this possible?


Hi @carmike, did you find an answer for this?

No, I never did find an answer.

Thanks. I think that I’m going ask again and see if anyone bites.