Last Updated: Sep 24, 2024
Overview
The response of the “POST /oauth/token” endpoint could return three types of tokens: an access token, an ID token, and a refresh token.
This article clarifies which token’s lifetime the “expires_in” field refers to.
Applies To
- Tokens
- Management API
- “POST /oauth/token” Endpoint
- “expires_in” Field
Solution
The “token_type” and “expires_in” fields in the response of the “POST /oauth/token” endpoint are defined in the OAuth2 specification (RFC 6749).
As per the RFC above, the “expires_in” field is the lifetime of the access token.