How the expiration time for refresh tokens is calculated

■Prerequisites
One of the Zoom API’s restrictions is the expiration of refresh tokens.

◇Zoom API Restrictions
・The refresh token used to call the Zoom API expires 90 days after its last use.
If this period is exceeded, the user will be unable to use the Zoom API. (The user must re-authenticate with the OAuth app.)
( OAuth 2.0 - Integrations - Zoom Developer Docs )

■Points to Confirm
Could you please clarify which of the following methods is used to calculate the expiration period for refresh tokens?
(1) The count begins at the time of authentication with the OAuth app, and the token expires after 90 days.

(2) The countdown begins when the user authenticates with the OAuth app and calls an API, and the token expires after 90 days.
(The countdown does not begin simply by authenticating with the OAuth app.)

We appreciate your confirmation.

@suzunosuke.miyahara the 90 days expiry of refresh token starts counting from the time of issue.

Everytime you use the refresh token to get a new access token, we will issue a new refresh token with an updated 90 days expiry and invalidate the “used” refresh token.

@chunsiong.zoom
Thank you very much for your response.

I apologize for asking such a basic question, but I’d like to confirm this just to be sure.

Is it correct that a refresh token is issued when authentication with the OAuth app is completed (and that the refresh token’s expiration time starts counting from that point)?

@suzunosuke.miyahara the refresh token is issued together with the access token when the OAuth flow is completed. The expiry starts from there.

@chunsiong.zoom
Thank you for your reply. It was very helpful!!