I am wondering that in your documentation, it says that I can customize access token expiration time, but even If I change expiration time from dashboard, will It not be valid on user info endpoint? For example, lets say I changed my user access token expiration time into 30 day which is max. And, Cannot I use the userinfo endpoint in 25th day ? That is the what I understand from your documentation. So, If I these expiration time is not valid on user info endpoint, what is the meaning of changing the expiration time ?
You should be using access tokens to access APIs. These access tokens have an expiration time, which can be changed. It should be changed depending on the security requirements of the API.
HI @john.gateley ,
Thank you but, It is not what I am asking. I am asking that in this documentation , Access Tokens
it says we cannot change life time for this endpoint. But, you are saying we can change the expiration time. Is that valid for this endpoint ? if it is not valid on this endpoint, why are we changing life time, because we can just already only use in user info endpoint. What is the meaning of customizing life time, if it is not valid on the user info endpoint ?
I was trying to explain this:
You cannot change the expiration time of an access token intended for the /userinfo endpoint (an opaque access token).
All other access tokens are for gaining access to specific APIs - the API named by the audience field of the access token. These access tokens can have the expiration time changed on an API by API basis.
Okay, I got it. But what if I do not indicate any audience, I can still use the access token for /userinfo endpoint. What I am asking is If I do not indicate any audience, will that changed expiration time be valid for /userinfo endpoint ? or still is not it changeable. Did you get what I mean ?
Is there any clear answer for my last question ? Because I am being blocked by this question. I hope you can answer me asap.
As I said above:
You cannot change the expiration time for access tokens for the /userinfo endpoint.