We've recently successfully updated a login handler from using IPSConnect to using the OAuth server built into IPS 4.3, but I've noticed that the lifetime of the 'long lived' refresh tokens of authorizations on our OAuth client is only about a week.

When editing the OAuth client definition I can choose an access token token lifetime, but there doesn't seem to be an option for configuring the *refresh* token lifetime. Does anyone know if this is possible? I'd like users to not have to sign in again if they've not used our site for the last 7 days!

 

If this isn't currently configurable in IPS what is the official route for requesting / suggesting that as a new feature for a future IPS update?

Feedback board.