Definition of "expires_in" Field in the Response of "POST /oauth/token" Endpoint

Last Updated: Sep 24, 2024

Overview

The response of the “POST /oauth/token” endpoint can return three types of tokens: an access token, an ID token, and a refresh token.
This article clarifies which token’s lifetime the “expires_in” field refers to.

Applies To

  • Tokens
  • Management API
  • “POST /oauth/token” Endpoint
  • “expires_in” Field

Solution

The “token_type” and “expires_in” fields in the response of the “POST /oauth/token” endpoint are defined in the OAuth2 specification (RFC 6749).

As per the RFC above, the “expires_in” field is the lifetime of the access token.
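The following added example (not code from this article or from Auth0) shows a client tracking expiry per token, so that “expires_in” is applied only to the access token. The function names and the sample response are constructed for illustration. Reading the ID token's own “exp” claim follows OpenID Connect Core, which this article does not cover.

```python
import base64
import json

def _jwt_claims(jwt):
    """Decode a JWT payload WITHOUT verifying the signature (expiry bookkeeping only)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_expiries(response, received_at):
    """Return the absolute expiry (Unix seconds) of each token in a token response.

    expires_in applies only to access_token (RFC 6749, section 5.1).
    """
    expiries = {}
    if "access_token" in response:
        lifetime = response.get("expires_in")  # RECOMMENDED in the RFC, so it may be absent
        expiries["access_token"] = (
            received_at + int(lifetime) if lifetime is not None else None
        )
    if "id_token" in response:
        # The ID token carries its own "exp" claim; expires_in does not describe it.
        expiries["id_token"] = _jwt_claims(response["id_token"]).get("exp")
    if "refresh_token" in response:
        # No field in the token response describes the refresh token's lifetime.
        expiries["refresh_token"] = None
    return expiries

def _constructed_jwt(claims):
    """Build an unsigned, constructed JWT for the sample below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

# Constructed sample response: these are not real tokens.
RECEIVED_AT = 1_700_000_000
SAMPLE = {
    "access_token": "constructed-opaque-access-token",
    "id_token": _constructed_jwt({"sub": "user-1", "exp": RECEIVED_AT + 36000}),
    "refresh_token": "constructed-refresh-token",
    "token_type": "Bearer",
    "expires_in": 86400,
}

if __name__ == "__main__":
    print(token_expiries(SAMPLE, RECEIVED_AT))
```

A `None` value means the response gives no lifetime for that token, so the client should not assume it shares the access token's expiry.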
