Refresh tokens configured for Sliding window with max lifetime do not update TTL when refreshed #2566

@spwitt

Description

A refresh token configured with an expiration policy of Sliding window with a maximum lifetime does not update its TTL when used to refresh. This means that the refresh token effectively expires after its initial Duration rather than after the configured Maximum lifetime, even if it is continuously refreshed.

Affects versions

1.46.0-1.48.2

Steps to reproduce

  1. Configure the tenant or application for refresh tokens
  2. Expiration policy - Sliding window with a maximum lifetime.
  3. Duration - 1 minute
  4. Maximum lifetime - 10 minutes
  5. Usage policy - Reusable. (easier to test this way)
  6. Log in to get a refresh token
  7. Call the /api/jwt/refresh endpoint to refresh the token prior to the expiration (e.g. at 50 seconds)
  8. Call the /api/jwt/refresh endpoint again after the Duration has expired (e.g. at 65 seconds)
  9. The refresh token is no longer valid, but it should be usable at this point

Expected behavior

If the refresh token is used prior to Duration expiring, its sliding window TTL should be extended and continue to be extended until it reaches the maximum lifetime.

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

Related

Release Notes

Update the refresh token TTL when using the sliding window with a maximum lifetime JWT Expiration Policy.
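
The expected and reported behaviour from the steps to reproduce, as an added Python model (not FusionAuth code and not part of the original issue). The class, its field names and the `slide` flag are hypothetical, and treating the expiry instant itself as already expired is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class RefreshToken:
    """Hypothetical model of a sliding-window refresh token with a hard cap."""
    issued_at: int      # seconds since an arbitrary epoch
    duration: int       # sliding window length, in seconds
    max_lifetime: int   # hard cap measured from issued_at, in seconds
    window_start: int = field(init=False)

    def __post_init__(self):
        self.window_start = self.issued_at

    def expires_at(self):
        # The window may slide forward, but never past the maximum lifetime.
        return min(self.window_start + self.duration,
                   self.issued_at + self.max_lifetime)

    def refresh(self, now, slide=True):
        """Return True if the token is accepted at time `now`.

        slide=True  models the expected behaviour (TTL extended on use).
        slide=False models the reported behaviour (TTL never updated).
        """
        if now >= self.expires_at():   # assumption: expiry instant is invalid
            return False
        if slide:
            self.window_start = now
        return True


def replay(times, slide, duration=60, max_lifetime=600):
    """Replay refresh calls at the given offsets (seconds after login)."""
    token = RefreshToken(issued_at=0, duration=duration,
                         max_lifetime=max_lifetime)
    return [token.refresh(t, slide) for t in times]


if __name__ == "__main__":
    # Settings from the issue: Duration 1 minute, Maximum lifetime 10 minutes.
    print("expected:", replay([50, 65], slide=True))
    print("reported:", replay([50, 65], slide=False))
    # Refreshing every 50 seconds still stops at the maximum lifetime.
    print("capped:  ", replay(list(range(50, 651, 50)), slide=True))
```
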

Metadata

Labels

bug (Something isn't working)

Projects

Status

Delivered
