Sure. But do you see any pitfalls to that approach? For example, what if the client is in the middle of some work, the access token expires, they try to get a new access token and now find that the refresh token has also expired, and now they need to re-authenticate and potentially lose the current context on the client side? Would it be better to have some warning to the client about the upcoming expiration, say... if current time = refresh token expiration time minus 2 or 3 times the access token expiration time, then warn the client on the issue access token request?
So... the logic keeps getting "custom", and not something out of the box. I'm looking for what CA recommends if the business requirement is for a hard limit on refresh token max lifetime.