Even though Refresh Token life time is pre-configured in the policy, every time a new Access Token is requested, OTK framework is issuing new Access Token and also extending the Refresh Token lifetime. Due to this behavior Refresh Token never expires as long as it is being used for getting new Access Token.
In theory Refresh Token should never be renewed, always should have fixed life time. It depends on how the OAuth 2.0 protocol is interpreted and varies based on the implementation.
To address this specific situation with OTK framework, we have modified the the OTK policies on the gateway stop renewing the Refresh Token and force to users to re-authenticate and authorize application to get new Refresh Token. We are using OTK Framework 3.0 on v8.3 gateways. Not sure about this behavior in new versions. Following are the policies you may have to reveiw and customize to achieve what you need for your application.
1. OTK grant_type=REFRESH_TOKEN - Policy Fragment
2. OTK grant_type=REFRESH_TOKEN - Encapsulated Assertion
3. auth/oauth/v2/token - Service