Genesys Cloud - Developer Community!

Hello, our org is implementing web messaging with authentication and our identity team let us know that the current version our idp is running on does not support offline_access as a scope. 

Looking through documentation, offline_access as a scope is optional but when not included the jwt token will only be valid for 15 minutes. If we are not using a refresh token via offline_access scope, our only option would be to have the user re-authenticate. Is this correct as far as expected behavior goes?

Are there any other strategies/methods we could explore instead of forcing re-authenticaiton?  

Hi,

Regarding the behavior you relate, you are correct indeed.
Genesys Jwt never exceeds 15 minutes. Genesys Refresh token is capped to 24 hours if generated.

But if the access token (or Id token) is higher than 15 minutes and no offline_access scope is set, Genesys will generate a refresh token with the lifetime of the access token (or Id token).
So if offline_access scope cannot be used, you can still generate an access token and/or Id token from your auth provider that has a lifetime between 15 minutes and  24 hours to avoid re-authentication.
For improved safety, only the Id token should be provided in such case (if you have enough control on the auth provider policies).

Hope this helps.