Passwords don’t expire unless you configure the expiration (max age) in the password policy. So by default your password will never expire.

The JWT TTL can be configured per application, so if you were using a different application for OIDC vs an API - then you could do it.

But if you don't want to use multiple applications, then it is not possible, at least currently.

I could see a use case for asking for a JWT with a TTL equal to or less than the configuration and that request being honored, that could be a feature request. But as of right now, the only option is different applications.

It means the user won't be able to login.

Yes, a refresh token has a configured time to live (TTL). It can be configured at the Tenant or Application level.
More here: https://fusionauth.io/docs/v1/tech/core-concepts/tenants#jwt