I have a simple question. At this moment, access token life is configured globally. Would you consider set an expiration access token time different per client? (using global if not defined).
It’s not the same an access token for a mobile application (implicit or authorization code) than for a server side app (client credentials).
Thanks in advance!