Will club a few questions together here
1. Does oAuth support having a never expiring access token? The goal, is to get an access token and use it until the user logs out or does not use the token to a certain period of time. This is to avoid having to refresh the token.
2. If 1 is not possible is the only way is to set the expiration time on the access token for a large interval, then is there a way to remove the token if it is not used for some time (say 2 hours)
3. We have implemented out own service to logout which removes the access token. Is that the right way to do it or does spring security provide any other way of doing it?
Appreciate any help.