Definition of "expires_in" Field in the Response of "POST /oauth/token" Endpoint

Overview

This article clarifies which token’s lifetime is represented by the expires_in field in the response from the POST /oauth/token endpoint, which can include an access token, an ID token, and a refresh token.

Applies To

  • Tokens
  • Management API
  • “POST /oauth/token” Endpoint
  • “expires_in” Field

Solution

  • The token_type and expires_in fields, present in the response of the POST /oauth/token endpoint, are defined in the OAuth 2.0 specification (RFC 6749) section 5.1.
  • According to this specification, the expires_in field indicates the lifetime of the access token.
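
The distinction in practice, as an added example that is not part of the original article: the function below derives the access token's expiry from expires_in, reads the ID token's expiry from its own exp claim, and reports no expiry for the refresh token because the response does not carry one. The function name, the sample response and all token values are constructed for illustration.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_expiries(response: dict, received_at: int) -> dict:
    """Return the expiry (epoch seconds) of each token in a token response.

    expires_in describes the access token only (RFC 6749 section 5.1).
    """
    result = {"access_token": None, "id_token": None, "refresh_token": None}
    expires_in = response.get("expires_in")
    if "access_token" in response and expires_in is not None:
        result["access_token"] = received_at + int(expires_in)
    if "id_token" in response:
        parts = response["id_token"].split(".")
        if len(parts) != 3:
            raise ValueError("id_token is not a three-part JWT")
        # Read unverified, only to display `exp`; validate the signature
        # before trusting any claim for an authorization decision.
        result["id_token"] = json.loads(_b64url_decode(parts[1])).get("exp")
    # The refresh token's lifetime is not reported in the response: stays None.
    return result


# Constructed sample: placeholder tokens, ID token with a 10-hour lifetime.
RECEIVED_AT = 1700000000
_claims = {"iss": "https://tenant.example/", "sub": "user|123",
           "iat": RECEIVED_AT, "exp": RECEIVED_AT + 36000}
SAMPLE_RESPONSE = {
    "access_token": "constructed-access-token",
    "id_token": ".".join([_b64url(b'{"alg":"RS256","typ":"JWT"}'),
                          _b64url(json.dumps(_claims).encode()),
                          "constructed-signature"]),
    "refresh_token": "constructed-refresh-token",
    "token_type": "Bearer",
    "expires_in": 86400,
}

if __name__ == "__main__":
    for name, exp in token_expiries(SAMPLE_RESPONSE, RECEIVED_AT).items():
        print(f"{name}: {exp}")
```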