Changing the Duration of Access Tokens and Refresh Tokens and Their Behavior

kito.hirokazu · February 7, 2024, 4:33am

What happens to already issued access tokens and refresh tokens when their durations are changed?

Do already issued tokens become invalidated?
Does the duration of already issued tokens remain as it was before the change, or is the new duration applied?

marcelina.barycka · February 9, 2024, 11:38am

Hi @kito.hirokazu , thank you for posting your questions!

An already issued ID and Access token will be valid for the period they were originally issued for. There is no automate way to invalidate them thus there would be a need to actively logged users out. Revoke Tokens

In case of refresh tokens, the expiry time will also be as initially set, but you can revoke them (once revoked, they will be invalidated). Revoke Refresh Tokens

I remain available in case of follow-up questions!

system · February 23, 2024, 11:38am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Access token refreshing after Tenant session timeout Help authentication , refresh-tokens	10	10492	May 27, 2020
Revoke refresh tokens after password change Help	3	6571	September 10, 2021
Seemingly able to renew access_token with expired id_token Help id_token , access-token , expiration	7	6434	July 25, 2019
Sanity checking refresh token expiration Help refresh-tokens	2	2772	October 15, 2020
Auth0 unlink Refresh token Help auth0	4	3031	July 13, 2020

Changing the Duration of Access Tokens and Refresh Tokens and Their Behavior

Related topics