@oliver-muthusami hmmm. I did some poking around Microsoft's documentation and found this.

The inclusion of the refresh token in the response can depend on several factors, including the specific configuration of your application and the scopes requested during the authorization process. If you expect to receive a refresh token in the response but fail to, consider the following factors: Scope requirements: Ensure that you're requesting the offline_access scopes along with any other necessary scopes. Authorization grant type: The refresh token is provided when using the authorization code grant type. If your flow differs, the response can be affected. Client configuration: Check your application's settings in the identity platform. Certain configurations may restrict the issuance of refresh_tokens.

Are you sure you have Entra configured correctly?

@dalamenona This error is coming from Prometheus right? Is there a way to get it to tell you which metric is being reported? If not, could you set up a network monitor and capture the traffic that is being sent to narrow down the metric being sent by FusionAuth that is causing the problem? Maybe then we can look into why FusionAuth is sending the conflicting data.

@dalamenona I see your point about the Database_primary_pool_MaxConnections being set to 20 on the value for usage being reported above that. Browsing around the web, I came across something that said Database_primary_pool_Usage is over the lifetime of the application, but can't seem to find the source now. You also make a valid point about around the other data defenitions. It may make sense to do a deeper dive into HikariCP sources in general. There may be some answers there.

Anyone here familiar with these numbers?

It may also make sense for you to open an issue with FusionAuth as it is not clear to me if these numbers are coming from FusionAuth or HikariCP.

@mark-robustelli Thanks for this. We don't have the setting Applications -> FusionAuth -> Edit -> JWT -> Refresh Token Settings -> Refresh Token duration , and I can't enable JWT on the FusionAuth application.

Did you mean the Oauth tab in the tennant? That is currently set to 3600 seconds, but I find I'm still logged in to the admin panel after well over an hour of inactivity.