For mobile apps an offline token is generated which is a long-lived token. The default lifespan is 30 days. For an offline refresh token the default is 180 days. These authentication flows are called the Authorization code flow. By default, Planon uses PKCE (Proof key for code exchange) in its clients and also strongly recommends PKCE usage for additional clients, to enhance security with an additional layer. The following image provides a schematic representation: