Can the Lifetime of MFA API Access Tokens Be Customized?

Overview

An Access Token retrieved for the MFA API using the https://{tenant}.{region}.auth0.com/mfa/ audience is valid for a default period of time.

This article clarifies whether that validity period (the token's lifetime) can be customized.

Applies To

  • Access Tokens generated by Auth0
  • MFA API Endpoints
  • Access Token Lifetime

Solution

These Access Tokens expire in 10 minutes, and this value is currently not configurable. These tokens are very sensitive and should ideally be obtained only for a short duration, when the user needs to perform operations related to MFA.

If a different validity period is required in a certain use case, and this functionality should be included in the Auth0 product, please submit feedback to the Auth0 Community Site so the Product team can review it further. Please make sure to describe the use case as well.
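
Because the 10-minute lifetime is fixed, the client has to work within it. The sketch below is an added example, not part of the original article or of any Auth0 SDK: it keeps the token in memory only, requests a new one when the held token is close to expiry, and discards it once the MFA operation is done. `MfaTokenHolder`, the app-supplied `fetch_token` callable, the 30-second margin and the `access_token`/`expires_in` response fields (as in a standard OAuth 2.0 token response) are assumptions.

```python
import time
from typing import Callable, Optional, Tuple

MAX_TTL = 600        # seconds: the fixed 10-minute lifetime stated above
SAFETY_MARGIN = 30   # assumption: treat a token with < 30 s left as expired


class MfaTokenHolder:
    """Holds an MFA API access token in memory only, for one MFA operation."""

    def __init__(self, fetch_token: Callable[[], dict],
                 clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch_token  # hypothetical app-supplied token request
        self._clock = clock
        self._held: Optional[Tuple[str, float]] = None  # (token, expires_at)

    def remaining(self) -> float:
        """Seconds of validity left on the held token (0 if none is held)."""
        if self._held is None:
            return 0.0
        return max(0.0, self._held[1] - self._clock())

    def get(self) -> str:
        """Return a usable token, requesting a new one only when needed."""
        if self.remaining() < SAFETY_MARGIN:
            requested_at = self._clock()  # measure from before the request
            resp = self._fetch()
            # Never assume more than the documented 10 minutes.
            ttl = min(int(resp.get("expires_in", MAX_TTL)), MAX_TTL)
            self._held = (resp["access_token"], requested_at + ttl)
        return self._held[0]

    def discard(self) -> None:
        """Drop the token as soon as the MFA operation is finished."""
        self._held = None


def demo() -> list:
    """Constructed run: fake clock and fake token responses, no network."""
    now, issued = [0.0], []

    def fake_fetch() -> dict:
        issued.append(f"constructed-token-{len(issued) + 1}")
        return {"access_token": issued[-1], "expires_in": 600}

    holder = MfaTokenHolder(fake_fetch, clock=lambda: now[0])
    seen = []
    for t in (0.0, 500.0, 580.0):  # at 580 s only 20 s remain: below margin
        now[0] = t
        seen.append(holder.get())
    return seen
```

Call `discard()` right after the MFA operation completes so the token does not stay in memory for the rest of its lifetime.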