What is the minimum token expiration time for a javascript SPA - I can’t find that information here?
The link above mentions configuring the expiration time on the API’s page - but what about the expiration time I can configure on the “applications page”. Could I just configure the JWT Expiration time here?
Thanks for helping out.
In Auth0, JWT token format is used for both access_token and id_token. You can change id_token life time from Applications section and access_token lifetime from API section.
See following video clip for difference between id_token and access_token.
Ok, so something likes this can be concluded, for access tokens:
| Token Expiration | Token Expiration For Browser Flows | |
|---|---|---|
| default value | 86400 (1 day) | 86400 (1 day) |
| min value | 300 (5 min) | 300 (5 min) |
| max value | 2592000 (30 days) | 86400 (1 day)* |
)* can’t be greater than token expiration time.