Overview
This article clarifies which token’s lifetime is represented by the expires_in field in the response from the POST /oauth/token endpoint, which can include an access token, an ID token, and a refresh token.
Applies To
- Tokens
- Management API
- “POST /oauth/token” Endpoint
- “expires_in” Field
Solution
- The token_type and expires_in fields, present in the response of the POST /oauth/token endpoint, are defined in the OAuth 2.0 specification (RFC 6749) section 5.1.
- According to this specification, the expires_in field indicates the lifetime of the access token.
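The following added example (not code from this article or from the vendor) shows a client deriving each token's expiry separately, so that expires_in is applied only to the access token. The sample response, token strings and the helper names are constructed for illustration. It assumes the ID token is a JWT carrying its own exp claim, and that the response contains no field describing the refresh token's lifetime.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_expiries(response: dict, received_at: int) -> dict:
    """Return the expiry (Unix seconds) of each token in a token response.

    None means the response itself does not state that token's lifetime.
    """
    # RFC 6749 section 5.1 marks expires_in as RECOMMENDED, so it may be absent.
    expires_in = response.get("expires_in")
    result = {
        "access_token": received_at + int(expires_in) if expires_in is not None else None,
    }
    if "id_token" in response:
        # The ID token's lifetime comes from its own exp claim, not from expires_in.
        result["id_token"] = jwt_claims(response["id_token"]).get("exp")
    if "refresh_token" in response:
        result["refresh_token"] = None  # no response field describes it
    return result

# Constructed sample data (hypothetical values, placeholder signature).
RECEIVED_AT = 1_700_000_000
SAMPLE_ID_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _b64url(json.dumps({"sub": "user-123", "exp": RECEIVED_AT + 36000}).encode()),
    "constructed-signature",
])
SAMPLE_RESPONSE = {
    "access_token": "constructed-access-token",
    "id_token": SAMPLE_ID_TOKEN,
    "refresh_token": "constructed-refresh-token",
    "token_type": "Bearer",
    "expires_in": 86400,
}

if __name__ == "__main__":
    for name, expiry in token_expiries(SAMPLE_RESPONSE, RECEIVED_AT).items():
        print(f"{name}: {expiry}")
```
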