Could you please tell us how often Genesys calls OIDC endpoints to validate a session? Does it happen for every message sent by a customer or only once at the beginning of the conversation?
Hello
We are checking only at session start, while the token is valid (not expired).
When you request the auth code you can specify the TTL for the token. Else it will be the default one. Unless revoked, the JWT is valid for 15 minutes (or the access token age, whichever is the smallest) and the refresh token is valid for 24 hours. We'll update FAQ accordingly, thanks!