Change expiration Time of access token

Hi,

i try to decrease the expiration time from my access_token, but when i set a new value in my API Details under Auth0 Management Api → Token Settings → Token Expiration → 30000ms

In my session object under accessTokenExpiresAt the value is still a different. In my case 1706293978ms…

What can i do to change this expiration?

I’m on a nextjs project an use the @auth0/nextjs-auth0 package.

Hi @me1k,

Welcome to the Auth0 Community!

It looks like you have changed the access token expiration time correctly. However, let me clarify that the token expiration is in seconds instead of milliseconds. See below:

Additionally, the value 1706293978 you shared is the expiration time in seconds since Unix epoch. Using jwt.io to decode my token, here is an example:

image

Hovering over the time gives you the GMT date and time: image

To verify that your expiration time is correct, you can look at the exp and iat claim of your access token.

Then you can perform the following calculation:

  • Token expiration (in seconds) = exp (Expiration time in seconds) - iat (Issued at in seconds)

The token expiration time should match the value you set in your token settings.

Let me know how this goes for you.

Thanks,
Rueben

Hi @rueben.tiow , thank you for your reply!

This works for me :slight_smile:

One more question … How do i get an refresh token? Do i need to request it seperately?

Hi @me1k,

Thanks for the update. Good to hear it’s working!

To get a refresh token, you will need to pass the offline_access scope in your login request.

See our Get Refresh Tokens documentation.

Cheers,
Rueben

Thank you for your reply.

I already checked this documentation. But honestly don’t get it. Maybe bc i’m also quite new to next.js.

I use the @auth0/nextjs-auth0 package and createt this route:

import { handleAuth } from '@auth0/nextjs-auth0';

export const GET = handleAuth();

so login and logout works quite straight forward with api/auth/login or logout. But the documentation says i need to use /authorize… But the

handleAuth

from @auth0/nextjs-auth0 doesn’t seem to bring this when i type /api/auth/authorize in the url

do you have a hint maybe for me? Would appreciate.

Hi @me1k,

Essentially, you need to include the offline_access scope in your configuration (or AUTH0_SCOPE) within the .env.local file.

(Reference:ConfigParameters | @auth0/nextjs-auth0)

Also, let me add that the /authorize endpoint is called when you use the login handler in Auth0 Next.js SDK. You can verify this by checking the network activity.

I hope this helps!

Thanks,
Rueben

Hi @rueben.tiow,

i’m sorry but i cannot find the solution.

I tried to put the offline_access to the options of handleLogin. But i cannot find the attribute within authorizationOptions where to put it in? when i put it to scope i get the error, that scope only can have openid. And in the documentation AuthorizationParams | @auth0/nextjs-auth0 i cannot find anything about offline_access. And when i put it to the .env like so: `AUTH0_SCOPE = ‘offline_access’ i get the following error:

 ⨯ node_modules/@auth0/nextjs-auth0/dist/auth0-session/get-config.js (197:14) @ get
 ⨯ TypeError: "authorizationParams.scope" with value "offline_access" fails to match the contains openid pattern
    at Page (./src/app/page.tsx:19:90)
    at stringify (<anonymous>)
digest: "2392272747"

Edit: Well … just adding openid as well to the scope did it and now i get a refreshToken.
scope: 'openid offline_access

1 Like

Hi @me1k,

Thanks for the update. Good to hear that it’s working now!

Feel free to reach out to us again if you have any additional questions.

Thanks,
Rueben

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.