AzureAD RefreshToken Lifetime fixed instead of Expiration sliding window

Copper Contributor

When requesting an access_token for an app on AzureAD, I get an AccessToken as well as a RefreshToken. The refresh token has a specific lifetime (expiration) of 8 hours, configured via a Conditional Access Policy. Within these 8 hours you can renew the AccessToken, which will expire, if default settings are used, in 1 hour. The new RefreshToken will then again be valid for 8 hours. And if the RefreshToken is always used within these 8 hours, the access will be there forever, from my view. I see no limiting factor here, such as a fixed expiration, even though the refresh token is used very frequently, for example.

The docs do not really describe this use case. Happy to get any hints and support on this.

Thanks a lot.

0 Replies
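
The difference the question describes, between a sliding refresh-token window and a fixed expiration, can be modelled in a few lines. This is an added example, not part of the original post and not Azure AD's implementation: `TokenService`, `max_session` and `session_hours` are hypothetical names, and only the 1 hour and 8 hour values come from the post.

```python
from dataclasses import dataclass

HOUR = 3600
ACCESS_TTL = 1 * HOUR    # access token lifetime from the post (default settings)
REFRESH_TTL = 8 * HOUR   # refresh token lifetime from the post


@dataclass(frozen=True)
class RefreshToken:
    issued_at: int       # when this refresh token was issued
    session_start: int   # when the user originally signed in


class TokenService:
    """Toy issuer (assumption). max_session=None models a pure sliding window."""

    def __init__(self, max_session=None):
        self.max_session = max_session

    def login(self, now):
        return RefreshToken(issued_at=now, session_start=now)

    def refresh(self, rt, now):
        # Sliding check: only the age of the presented refresh token matters.
        if now - rt.issued_at > REFRESH_TTL:
            raise PermissionError("refresh token expired")
        # Fixed check: age of the original sign-in, unaffected by rotation.
        if self.max_session is not None and now - rt.session_start >= self.max_session:
            raise PermissionError("absolute session lifetime reached")
        # Rotation: the new token restarts the window but keeps session_start.
        return RefreshToken(issued_at=now, session_start=rt.session_start)


def session_hours(service, refresh_every, horizon):
    """Refresh on a fixed schedule; return the hour at which a refresh is
    refused, or the horizon in hours if it never is."""
    rt = service.login(0)
    now = 0
    while now + refresh_every <= horizon:
        now += refresh_every
        try:
            rt = service.refresh(rt, now)
        except PermissionError:
            return now // HOUR
    return horizon // HOUR
```

In this model a client that refreshes every hour is never refused under the sliding window, while the same client is refused at hour 8 once `max_session` is set to 8 hours.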