Access Token Does not Contain Expiration Time

Problem statement

After a successful login, the access token returned does not have an exp claim to indicate the expiration. Is there a way to determine when the access token will expire?

Symptoms

Decoding the token with https://jwt.io shows that the token has no payload section.

Cause

There is no exp claim if the access token is an opaque access token.

Solution

Opaque access tokens are intended to be used at the /userinfo endpoint and do not have the standard claims of a regular JWT access token. An opaque access token is returned when the /authorize request does not include an audience parameter with an API identifier.

Access tokens issued strictly for the purpose of accessing the OIDC /userinfo endpoint have a default lifetime that can't be changed. The lifetime depends on the flow used to obtain the token:

Flow                         Lifetime
Implicit                     7200 seconds (2 hours)
Authorization Code/Hybrid    86400 seconds (24 hours)
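
One way a client can work out when an access token expires, shown as an added example that is not part of the original article or any vendor SDK: read exp when the token has JWT structure, otherwise treat it as opaque and apply the fixed lifetime listed above. The function names, the flow keys and the sample tokens are assumptions made for this example, as is the client recording the time it received the token.

```python
import base64
import json

# Fixed lifetimes (seconds) of /userinfo-only opaque tokens, per the table above.
# The flow keys are names chosen for this example.
OPAQUE_LIFETIME = {"implicit": 7200, "authorization_code": 86400, "hybrid": 86400}

def decode_segment(segment):
    """Decode one base64url segment to a JSON object, or None if it is not one."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        value = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all derive from it
        return None
    return value if isinstance(value, dict) else None

def jwt_payload(token):
    """Return the payload claims if the token has JWT structure, else None.

    The signature is NOT verified: use the result to schedule a refresh,
    never to make an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3 or decode_segment(parts[0]) is None:
        return None
    return decode_segment(parts[1])

def access_token_expiry(token, flow, issued_at):
    """Return (kind, expiry as epoch seconds or None).

    issued_at is the epoch time the client received the token (an assumption:
    the client must record it, since an opaque token carries no timestamps).
    """
    claims = jwt_payload(token)
    if claims is None:
        return "opaque", issued_at + OPAQUE_LIFETIME[flow]
    exp = claims.get("exp")
    return "jwt", exp if isinstance(exp, (int, float)) else None

def encode_segment(obj):
    """Build one base64url segment for the constructed sample JWT below."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample tokens, not real credentials.
SAMPLE_OPAQUE = "constructed-opaque-token-0123456789"
SAMPLE_JWT = ".".join([encode_segment({"alg": "RS256", "typ": "JWT"}),
                       encode_segment({"exp": 1700000000}), "c2lnbmF0dXJl"])

if __name__ == "__main__":
    print(access_token_expiry(SAMPLE_OPAQUE, "implicit", 1700000000))
    print(access_token_expiry(SAMPLE_JWT, "authorization_code", 1700000000))
```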