Is it possible to have a refresh token that never expires?

Attacler · July 31, 2025, 8:45pm

Hey there,

Im working on a Desktop app and im wondering if there is any way of making sure that a refresh token never gets expired.
In a normal webapp the default TTL would be acceptable but in this case its desktop app and i want users to sign in once and forget about it.
So i dont want all sessions to last this long, just the ones from the desktop app.
Is that possible or would i need to do some magic to make this work? (custom endpoint in Directus for example)

Nik · August 1, 2025, 9:27am

I think you can artificially increase the refresh_token token expiration date expires inside directus_sessions table after each login/refresh.

Directus stores a separate refresh_token per user agent, so you basically should be able to distinguish your desktop app from other sources of authentication.

Topic		Replies	Views
Refresh Token not received on login Help	2	148	June 20, 2025
SDK - Handling Access and Refresh Tokens from Server-Side Help api	5	130	November 18, 2025
Refresh token endpoint returning invalid credentials Help	0	139	June 17, 2025
Token duration in settings Help authentication	1	45	October 22, 2025
How to reinit autorefresh session cookie with Nuxt on page reload? Help authentication	6	87	August 28, 2025

Is it possible to have a refresh token that never expires?

Related topics