Does the refresh token expire and if so when?

Question

I have read the PODIO documentation. I have in particular contemplated the following statement concerning use of the refresh_token:

This

Answer 1

Refresh tokens will expire X days (or hours) after their creation. Depending on your security requirements this expiration will be 1 month or 1 hour.

You have to make the decision taking care some aspects as functionality and security.

• If you decide to priorize security, a short expiration could make your application anoying for the user.
• If you decide to priorize functionality, your application could be more vulnerable.