mod_http_oauth2: Shorten default token validity periods With refresh tokens, short lifetime for access tokens is not a problem. The arbitrary choice of one hour seems reasonable. RFC 6749 has it as example value. One week for refresh tokens matching the default archive retention period. This means that a client that remains unused for one week will have to sign in again. An actively used client will continually push that forward with each used refresh token.

This module helps reduces power usage of inactive mobile clients while
another client is actively used. E.g. in the case of chatting on a
desktop computer, instantly pushing messages to a phone in someones
pocket is not the best use of radio time.

Works with [mod_csi_simple][doc:modules:mod_csi_simple] which is
included with Prosody since 0.11