I’m developing a Ruby on Rails app. Authentication is done with the Lock. Users can authenticate either with email+password or with Google. Authentication works fine.
I’ve tried to change both “APIs > Auth0 Management API > Settings > Token Expiration (Seconds)” and “Clients > My client > Settings > JWT Expiration (seconds)”. I’ve tried 36000 seconds (10 hours) and 604800 seconds (1 week). I’ve saved changes every time, logged out of the client, logged in again, checked ID token expiration, but regardless of the settings the ID token always expires in 24 hours. I’ve tried both email+password and Google authentication.
I have tried changing the expiration time successfully from:
Clients > My client > Settings > JWT Expiration (seconds)
Can you ensure that you are logging in to the correct client (client_id) during authentication matches the client_id of the client which settings have been changed.
Thank you for giving it a try. I’ve double-checked the client_id and it matches (and I have only one client). For the sake of curiosity: where do you check the token’s expiration date? I’m asking to make sure I don’t look at the wrong value…
I’ve managed to find the answer to my own question. There are two different tokens (ID token and access token) and both have their own expiration date. I’ve been looking at the wrong one (the expiration date of the ID token, which is indeed always 24 hours). After some research I’ve managed to find the expiration date of the access token and I can confirm it works as expected (i.e. as specified in “Clients > My client > Settings > JWT expiration (seconds)”).