Definition of "expires_in" Field in the Response of "POST /oauth/token" Endpoint

rueben.tiow · July 20, 2023, 11:14pm

Last Updated: Sep 24, 2024

Overview

The response of the “POST /oauth/token” endpoint could return three types of tokens: an access token, an ID token, and a refresh token.
This article clarifies which token’s lifetime the “expires_in” field refers to.

Applies To

Tokens
Management API
“POST /oauth/token” Endpoint
“expires_in” Field

Solution

The “token_type” and “expires_in” fields in the response of the “POST /oauth/token” endpoint are defined in the OAuth2 specification (RFC 6749).

As per the RFC above, the “expires_in” field is the lifetime of the access token.

Topic		Replies	Views
Expires_in value is always 86400 SOLVED Help jwt , auth0 , expiration	3	15595	February 9, 2020
How to check access_token is expired? Help	4	10102	February 25, 2022
Control expires_in value for SPA Help auth0 , spa , login	7	2933	July 30, 2021
Need help changing token expiration time in Authentication API response Help sessions , authentication-sessions	10	3745	May 16, 2023
Inconsistency around the rotating refresh tokens Knowledge Articles	1	935	June 15, 2023

Definition of "expires_in" Field in the Response of "POST /oauth/token" Endpoint

Overview

Applies To

Solution

Related Topics