
Expires_in value is always 86400

jwt
auth0
api
login
access-token

#1

Steps to reproduce

  1. Set token expiration in dashboard to less than 86400 seconds (e.g. 30 seconds) for API (Token Expiration) and Client (JWT Expiration)
  2. Obtain authentication code (code flow)
  3. Exchange CODE for TOKEN

Actual result
‘expires_in’ value is 86400

Expected Result
Value of ‘expires_in’ should match the one specified (e.g. 30) in the dashboard


#3

The expires_in applies to the access token so the client JWT expiration (applicable to the ID token) should not have an influence here.

I then did the steps you described and could not reproduce the issue, in particular:

  1. Set the Token Expiration (Seconds) in API https://test.example.com/api to 240 seconds.
  2. Perform an authorization code grant to /authorize with an audience parameter associated with the previous API.
  3. Perform the code exchange to /oauth/token.

In the above flow I got an expires_in=240; if you can reproduce this consistently you may want to update the question with an HTTP trace (after removing sensitive information like passwords, tokens and client secrets). Ideally don’t remove the client identifier as otherwise I won’t be able to cross-check settings for something that I configured differently in my test.
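
The cross-check post #3 describes (expires_in follows the access token, not the ID token), as an added example that is not part of the original thread: it decodes the claims of a /oauth/token response without verifying signatures and compares exp - iat and aud with the API setting. The function names, the sample tokens and the client identifier are constructed for illustration.

```python
import base64
import json

def jwt_claims(token):
    """Payload claims of a JWT, NOT signature-verified (diagnostics only); None if not a JWT."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        payload = base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4))
        claims = json.loads(payload)
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return claims if isinstance(claims, dict) else None

def lifetime(claims):  # exp - iat in seconds, or None when the claims are unavailable
    if not claims or "exp" not in claims or "iat" not in claims:
        return None
    return claims["exp"] - claims["iat"]

def check_token_response(resp, expected_audience, configured_ttl):
    """Compare a token response with the API's configured Token Expiration."""
    findings = []
    access = jwt_claims(resp.get("access_token", ""))
    expires_in = resp.get("expires_in")
    if expires_in != configured_ttl:
        findings.append(f"expires_in={expires_in}, API setting is {configured_ttl}")
    if access is None:
        findings.append("access_token is not a decodable JWT; aud/exp cannot be inspected")
    else:
        aud = access.get("aud")
        if expected_audience not in (aud if isinstance(aud, list) else [aud]):
            findings.append(f"access token aud={aud!r} lacks {expected_audience!r}")
        if lifetime(access) != expires_in:
            findings.append(f"access token exp-iat={lifetime(access)} != expires_in")
    return {"access_ttl": lifetime(access), "findings": findings,
            "id_ttl": lifetime(jwt_claims(resp.get("id_token", "")))}

def sample_jwt(claims):  # constructed sample token with a placeholder signature
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder-signature"

API, IAT = "https://test.example.com/api", 1700000000  # constructed sample values
GOOD = {"expires_in": 240,
        "access_token": sample_jwt({"aud": API, "iat": IAT, "exp": IAT + 240}),
        "id_token": sample_jwt({"aud": "sample-client-id", "iat": IAT, "exp": IAT + 30})}
BAD = {"expires_in": 86400, "access_token": "opaque-sample-value"}
if __name__ == "__main__":
    for name, resp in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_token_response(resp, API, 240))
```

Run it against a captured response only after redacting it as post #3 asks; the decoded claims are for diagnosis and must not be trusted for authorization, since no signature is checked.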