I understand the OAuth by default doesnt have a concept of inactivity timeouts. That is more session related. However I have a situation where the access token timeout is 30 minutes, but the clients want it expired after 10 minutes of inactivity. What is the best way of implementing this. There is no refresh token issues in this scenario.
LinkedIn
Twitter
