Allowing an operator to decide how to close to token expiration a new token should be handed out.
I would think allowing an API to be configured and behave as dictated by the entity running the API, would be more of a service model then unpredictable or dictating that all instances of said software behave the same.
If a user requests a token and that token has an expiration date, and user tries to use token beyond expiration and expects it to work. That would be the definition of an USER ERROR.
Allowing an operator to decide how to close to token expiration a new token should be handed out.
I would think allowing an API to be configured and behave as dictated by the entity running the API, would be more of a service model then unpredictable or dictating that all instances of said software behave the same.
If a user requests a token and that token has an expiration date, and user tries to use token beyond expiration and expects it to work. That would be the definition of an USER ERROR.