Is the signinFlowExpiryMins refreshed for every API call, or does it only refresh once AUTH_ALLOWED is reached?

• Product: Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub)
• Component: Authentication API

Users seeking clarification on how the flowstate expiry timer behaves during multi-step authentication flows.

The signinFlowExpiryMins (which governs the expiry of the flowstate) is refreshed for every API call made during an active authentication flow.

Active flows keep their expiry pushed forward by the defined interval with each interaction. The timer does not wait for a specific state like AUTH_ALLOWED to reset; rather, it maintains the session as long as API calls continue within the specified window.