Description
Since 6.11.0 (2019-09-24), the default refresh token ttl in node oidc provider has changed from 1 day to 14 days.
This is significant because the default refresh token policy is that a refresh token is only rotated if it is past 70% of its ttl.
For a ttl of 1 day, a user therefore needs to have an app request an access token within 7 hours of the refresh token expiring.
For a ttl of 14 days, a user only needs to use the app within 4 days.
With the current default policy in CSS, the experience of users who haven't altered the default will therefore be that, for apps that are used less than once a day, they will likely need to log in again every day.
If the default policy is changed to align with node oidc provider, they would likely need to log in once a year, when the rotation policy enforces it.
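The rotation arithmetic described above, as an added model in Python (not code from node oidc provider or from CSS): it assumes only the 70% rotation rule and per-use token renewal stated in the report, and does not model any absolute session cap such as the yearly limit mentioned.

```python
"""Model of the default refresh-token rotation policy described in the issue:
a refresh token with lifetime `ttl` is re-issued with a fresh ttl only when it is
used after 70% of its ttl has elapsed; using it after expiry forces a new login.
Times are in hours. This is an illustrative model, not the provider's code."""
from dataclasses import dataclass
from typing import Optional

ROTATE_AFTER = 0.7  # fraction of the ttl after which a used refresh token is rotated


@dataclass(frozen=True)
class RefreshToken:
    issued_at: float
    ttl: float

    @property
    def expires_at(self) -> float:
        return self.issued_at + self.ttl


def use_refresh_token(token: RefreshToken, now: float) -> Optional[RefreshToken]:
    """Token the client holds after requesting an access token at `now`,
    or None if the refresh token had already expired (user must log in again)."""
    if now >= token.expires_at:
        return None
    if now - token.issued_at >= ROTATE_AFTER * token.ttl:
        return RefreshToken(issued_at=now, ttl=token.ttl)  # rotated: fresh ttl
    return token  # used before the 70% mark: handed back unchanged


def logins_needed(ttl_hours: float, usage_interval_hours: float, horizon_hours: float) -> int:
    """Logins an app needs over `horizon_hours` when it requests an access token
    every `usage_interval_hours` (first login at time 0)."""
    logins = 1
    token = RefreshToken(issued_at=0.0, ttl=ttl_hours)
    now = usage_interval_hours
    while now <= horizon_hours:
        next_token = use_refresh_token(token, now)
        if next_token is None:
            logins += 1  # expired: new login issues a new refresh token
            token = RefreshToken(issued_at=now, ttl=ttl_hours)
        else:
            token = next_token
        now += usage_interval_hours
    return logins


def max_usage_gap_hours(ttl_hours: float) -> float:
    """Longest regular usage interval that never forces a re-login: the window
    between the rotation threshold and expiry, (1 - ROTATE_AFTER) * ttl."""
    return (1 - ROTATE_AFTER) * ttl_hours


if __name__ == "__main__":
    for ttl in (24.0, 14 * 24.0):  # 1-day default vs 14-day default
        print(f"ttl={ttl / 24:g}d: usage gap <= {max_usage_gap_hours(ttl):.1f}h keeps the session; "
              f"logins per year with 12h usage: {logins_needed(ttl, 12.0, 365 * 24.0)}")
```

With a 1-day ttl an app used twice a day still forces a login every day, while the 14-day ttl keeps the same app logged in indefinitely (subject to any absolute cap not modelled here).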