Problem statement
After a successful login, the access token returned does not have an exp claim to indicate the expiration. Is there a way to determine when the access token will expire?
Symptoms
Decoding the token with https://jwt.io shows that there is no payload section of the JWT.
Cause
There is no exp claim if the access token is an opaque access token.
Solution
Opaque Access Tokens are intended to be used at the /userinfo endpoint, and will not have the standard claims of a regular JWT access token. An opaque access token is returned if an audience parameter with an API identifier is not included in the /authorize request.
Access tokens issued strictly for the purpose of accessing the OIDC /userinfo endpoint have a default lifetime that can't be changed. The lifetime depends on the flow used to obtain the token:
| Flow | Lifetime |
|---|---|
| Implicit | 7200 seconds (2 hours) |
| Authorization Code/Hybrid | 86400 seconds (24 hours) |
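One way a client can work out the expiry for either token type, as an added example that is not part of the original article or Auth0's own code: it reads exp when the token is a JWT and otherwise falls back to the fixed lifetimes in the table above. The function names and the flow keys (`implicit`, `authorization_code`, `hybrid`) are assumptions, and the sample tokens are constructed.

```python
import base64
import json

# Default /userinfo-only token lifetimes from the table above, in seconds.
# The flow key names are assumptions made for this example.
OPAQUE_LIFETIME = {"implicit": 7200, "authorization_code": 86400, "hybrid": 86400}


def _b64url_json(segment):
    """Decode one base64url JWT segment to a dict, or return None."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        value = json.loads(base64.urlsafe_b64decode(padded))
    except (ValueError, UnicodeDecodeError):
        return None
    return value if isinstance(value, dict) else None


def jwt_payload(token):
    """Return the claims of a JWT-format token, or None if it is opaque."""
    parts = token.split(".")
    if len(parts) != 3 or _b64url_json(parts[0]) is None:
        return None
    return _b64url_json(parts[1])


def access_token_expiry(token, flow, issued_at):
    """Return (kind, expiry in Unix seconds) for an access token.

    issued_at is when the client received the token (Unix seconds).
    The payload is read without verifying the signature, so the result is
    for client-side bookkeeping only, never for an authorization decision.
    """
    claims = jwt_payload(token)
    if claims is not None and isinstance(claims.get("exp"), (int, float)):
        return "jwt", int(claims["exp"])
    # Opaque token: no claims to read, so apply the fixed per-flow lifetime.
    return "opaque", issued_at + OPAQUE_LIFETIME[flow]


def _constructed_jwt(claims):
    """Build an unsigned, JWT-shaped sample token (constructed test data)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), ""])
```

An unknown flow name raises `KeyError` rather than guessing a lifetime.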