Refresh token and access token share same lifetime

[ayZagen]

What is the current behavior?
When ACCESS_TOKEN_LIFESPAN environment variable set it affects refresh tokens too.

If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.

• Set ACCESS_TOKEN_LIFESPAN to a value that you will wait for and start hydra.
• Get a refresh token
• Introspect it after ACCESS_TOKEN_LIFESPAN expires
• Result should be { active: false }

What is the expected behavior?
Refresh token lifespan config should be seperate

Which version of the software is affected?
Master branch.

[aeneasr]

Please share your configuration (all env vars, truncate sensitive ones) too.

[aeneasr]

I can not reproduce this. Refresh tokens do not have an expiry time by the way.

[ayZagen]

I checked postgres and they seem active. But when I try to introspect it returns false.

[ayZagen]

Alright my bad. I was sending in refresh_token field. It should be token instead. Could you improve response output ? :)

[jigetage]

Configuration key ACCESS_TOKEN_LIFESPAN is deprecated and will be removed in a future release. Use key ttl.access_token instead!