Access Token expiration time

ercanozer · June 24, 2021, 10:21am

Hi,

I am wondering that in your documentation, it says that I can customize access token expiration time, but even If I change expiration time from dashboard, will It not be valid on user info endpoint? For example, lets say I changed my user access token expiration time into 30 day which is max. And, Cannot I use the userinfo endpoint in 25th day ? That is the what I understand from your documentation. So, If I these expiration time is not valid on user info endpoint, what is the meaning of changing the expiration time ?

Ercan Ozer

john.gateley · June 24, 2021, 1:14pm

Hi @ercanozer

You should be using access tokens to access APIs. These access tokens have an expiration time, which can be changed. It should be changed depending on the security requirements of the API.

John

ercanozer · June 24, 2021, 2:33pm

HI @john.gateley ,

Thank you but, It is not what I am asking. I am asking that in this documentation , Access Tokens

it says we cannot change life time for this endpoint. But, you are saying we can change the expiration time. Is that valid for this endpoint ? if it is not valid on this endpoint, why are we changing life time, because we can just already only use in user info endpoint. What is the meaning of customizing life time, if it is not valid on the user info endpoint ?

john.gateley · June 25, 2021, 1:07pm

HI @ercanozer

I was trying to explain this:

You cannot change the expiration time of an access token intended for the /userinfo endpoint (an opaque access token).

All other access tokens are for gaining access to specific APIs - the API named by the audience field of the access token. These access tokens can have the expiration time changed on an API by API basis.

John

ercanozer · June 25, 2021, 2:38pm

@john.gateley
Hi

Okay, I got it. But what if I do not indicate any audience, I can still use the access token for /userinfo endpoint. What I am asking is If I do not indicate any audience, will that changed expiration time be valid for /userinfo endpoint ? or still is not it changeable. Did you get what I mean ?

Ercan

ercanozer · June 28, 2021, 12:03pm

Hi,

Is there any clear answer for my last question ? Because I am being blocked by this question. I hope you can answer me asap.

Ercan Ozer

john.gateley · June 28, 2021, 2:30pm

Hi @ercanozer

As I said above:

You cannot change the expiration time for access tokens for the /userinfo endpoint.

John