Access Token Does not Contain Expiration Time

Problem statement

After a successful login, the access token returned does not have an exp claim to indicate the expiration. Is there a way to determine when the access token will expire?


Decoding the token with shows that there is no payload section of the JWT.


There is no exp claim if the access token is an Opaque access token.


Opaque Access Tokens are intended to be used at the /userinfo endpoint, and will not have the standard claims of a regular JWT access token. An opaque access token is returned if an audience parameter with an API identifier is not included in the /authorize request.

Access tokens issued strictly for the purpose of accessing the OIDC /userinfo endpoint have a default lifetime and can’t be changed. The length of lifetime depends on the flow used to obtain the token:

Flow Lifetime
Implicit 7200 seconds (2 hours)
Authorization Code/Hybrid 86400 seconds (24 hours)