rephrase docs on OIDCRefreshAccessTokenBeforeExpiry

Signed-off-by: Hans Zandbelt <[email protected]>
OpenIDC · Feb 6, 2024 · 388e3ba · 388e3ba
1 parent c2f200f
commit 388e3ba
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/auth_openidc.conf b/auth_openidc.conf
@@ -1054,11 +1054,11 @@
 #OIDCWhiteListedClaims [<claim>]+
 
 # Specify the minimum time-to-live for the access token stored in the OIDC session.
-# When the access token expiry timestamp (or at tleast the hint given to that) is less than this value,
-# an attempt will be made to refresh the access token using the refresh token grant type with the OP.
-# This only has effect if a refresh token was actually returned from the OP and an "expires_in" hint
-# was returned as part of the authorization response (and subsequent refresh token responses).
-# When not defined no attempt is made to refresh the access token (unless implicitly with OIDCUserInfoRefreshInterval)
+# When the access token expiry timestamp (at least the hint given to that) is less than this value,
+# an attempt will be made to refresh the access token using the refresh token grant type towards the OP.
+# This only has an effect if a refresh token was actually returned from the OP and an "expires_in" hint
+# was returned as part of the authorization response and subsequent refresh token responses.
+# When not defined no attempt is made to refresh the access token (unless implicitly through OIDCUserInfoRefreshInterval)
 # The optional logout_on_error flag makes the refresh logout the current local session if the refresh fails.
 # The optional authenticate_on_error flag sends the user for authentication when the refresh fails.
 #OIDCRefreshAccessTokenBeforeExpiry <seconds> [logout_on_error | authenticate_on_error]