Oauth2 refresh tokens

Question

Right now, my company runs a java app that uses IMAP and SMTP to read/send e-mails without user interaction. The authentication protocol we use is Basic Authentication. Microsoft has announces End-of-support for Basic authentication, which will be replaced by Oauth2. Unfortunately, they did not provide a clear solution for applications without user interaction. https://docs.microsoft.com/en-gb/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

One of my ideas is to have users authenticate themselves (using Oauth2 authorization code flow) just once, the first time they start the service. Then, refresh tokens will be used to get access tokens without user interaction. It is very important that the connection is not broken because of short expiration dates or revocations. There will probably be nobody around to re-authenticate if the app will be unable to get new access tokens.

I cannot seem to find any information about expiry dates for these tokens (if it is possible to set it). The ideal would be that they never expire...

Does anyone know more about this? It would help me a lot to know whether my idea is a viable approach.

Answer 1

Access tokens can be automatically refreshed. But to me more provider specific I did find some info on refresh token expiry here

https://docs.microsoft.com/en-us/linkedin/shared/authentication/programmatic-refresh-tokens

According to this link LinkedIn tokens access and refresh expire after a max of 365 days.

Also if you see this link it says that the refresh token expires in 90 days if inactive but doesn't say anywhere that it will expire if active.

https://docs.microsoft.com/en-us/office365/enterprise/session-timeouts

Can you provide a reference to the API that you are trying to use so that I find some more info on it (maybe)