Hi Mongo Realm
In the Realm reference Authenticate HTTP Client Requests it states that access tokens expire 30 minutes after MongoDB Realm grants them.
- When do the refresh tokens granted by MongoDB Realm expire?
- Is it possible to customise the expiry and/or the payload of the refresh tokens?
Currently in my non-realm api I enforce the business logic that a user must re-authenticate once their subscription could end by setting the refresh token to expire when the users current subscription period ends (approx 1 month) and supplying the same refresh token to the user until it expires (do not regenerate another refresh token until current one has expired).