OAuth tokens now obey their expiration
A side effect of !3112 (merged) is that OAuth tokens now obey their expiration. Default setting of pleroma/oauth2/token_expires_in
was 600 seconds and wasn't altered by !3112 (merged), which caused frequent unintended logouts.
!3193 (merged) changed OAuth tokens and authorizations lifetime to 30 days. So every browser session and app will require a new login every 30 days unless they support using the refresh token.
What should be our ultimate strategy here?
Edited by Ivan Tashkinov