Comment 14 for bug 1215627

Allowing an operator to decide how to close to token expiration a new token should be handed out.

I would think allowing an API to be configured and behave as dictated by the entity running the API, would be more of a service model then unpredictable or dictating that all instances of said software behave the same.

If a user requests a token and that token has an expiration date, and user tries to use token beyond expiration and expects it to work. That would be the definition of an USER ERROR.