Alrighty, so scenario of my dad’s phone is handled and should not be a concern.
This would just leave me with the odd ‘laptop I’ve not used in a while’ case. I guess I can live with it but I’d love to be able to customize the token expiration.
Personally, I’d set it to a year - I know, quite long.
In terms of using long lived tokens, I guess that would also be an option but I’m not aware of how to achieve authentication in the app/web UI with an already existing token.