2021-06-06 UTC
# jamietanna I find 7 days is quite good for apps that don't support refresh tokens (as they're still not implemented widespread) but I'm planning on reducing the lifetime of tokens for clients that do get refresh tokens to be ~1 hour, to limit the risk of those tokens being leaked