I’m trying to use offline_tokens, but after SSO Session Max is reached, the access token is not active anymore in introspect api validation, and if do a refresh_token the expires_in get a negative value. like this:
{
"access_token": "eyJhbGciOiJ...",
"expires_in": -168,
"id_token": "eyJhbGciOiJ...",
"not-before-policy": 1596032378,
"refresh_expires_in": 0,
"refresh_token": "eyJhbGciOiJ...",
"scope": "openid offline_access",
"session_state": "c2be2f50-bc10-4985...",
"token_type": "bearer"
}
According to the documentation, the offline token should be valid even if SSO Max was reached. The introspect don’t validate offline token?
Thank you