Best practices sample to vary the life-time of an OAuth2 token