From f7db782e1c81b134e8c6b644494b456bb52d9e00 Mon Sep 17 00:00:00 2001
From: Momi-V <83947761+Momi-V@users.noreply.github.com>
Date: Mon, 3 Nov 2025 10:12:49 +0100
Subject: [PATCH] Add option to disable refresh token renewal

Add a new configuration option to disable refresh token renewal, requiring full reauthentication every 30/90 days.
---
 src/config.rs | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/config.rs b/src/config.rs
index e1a2f4c2..ee140998 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -706,6 +706,10 @@ make_config! {
         /// Note that the checkbox would still be present, but ignored.
         disable_2fa_remember:   bool,   true,   def,    false;
 
+        /// Disable refresh token renewal |> If true, disables sliding window for refresh token expiry.
+        /// This only renews the token on a full login (Password (+2FA), SSO, etc.) forcing a full reauth every 30 days (90 for the native app)
+        disable_refresh_token_renewal: bool, true, def, false;
+
         /// Disable authenticator time drifted codes to be valid |> Enabling this only allows the current TOTP code to be valid
         /// TOTP codes of the previous and next 30 seconds will be invalid.
         authenticator_disable_time_drift: bool, true, def, false;