I have clients connecting to my backend application giving me permissions, access token and refresh token but these refresh tokens have a limited lifetime if not used and from this, comes the need for the client to revalidate the permissions and tokens.
To avoid that, I'm trying to find ways to have an "until-revoke" refresh token for the OAuth under the Outlook API. I'm not being able to find much information about this. There is something related to Azure policies to change that but... I haven't found a way to do so and specialy related/connected to Outlook API.
Do I have a solution for this or do I need to setup some kind of cron to update the refresh token before expiring?
You're backend application should receive
until-revokedrefresh tokens if it is configured as a confidential client.you can see how an application is configured as a confidential client in Azure AD in this article.
Hope it helps!