We use IdentityServer to grant tokens. IdentityServer has two fields that we can set related to refresh time limit of the tokens we provide. One is the method of expiration which can be absolute or sliding; we use sliding so a token can be continually refreshed. The other field is for the access token lifetime, which we set to one hour. This means that the access token can’t be used after an hour, but it can be refreshed for a new token, because of the sliding expiration.
However, there is a third field that is limited by IdentityServer itself which is that the base token can only be used for 30 days. After 30 days, a token cannot be refreshed and must be gotten new from the server.