expires_in applies to the access token so the client JWT expiration (applicable to the ID token) should not have an influence here.
I then did the steps you described and could not reproduce the issue, in particular:
- Set the Token Expiration (Seconds) in API
https://test.example.com/api to 240 seconds.
- Perform an authorization code grant to
/authorize with an
audience parameter associated with the previous API.
- Perform the code exchange to
In the above flow I got a
expires_in=240; if you can reproduce this consistently you may want to update the question with an HTTP trace (after removing sensitive information like passwords, tokens and client secrets). Ideally don’t remove the client identifier as otherwise I won’t be able to cross-check settings for something that I configured differently in my test.