Hi Adrian,   Thanks for you input. Unfortenately I can't keep a client secret secured, that why I use a native app. Still think that the expiration period of a refresh token should be sliding since last use instead compared to the first user consent.   Best regards, Sander     ... Vis flere