I have set my Token Settings > Token Expiration (Seconds) to 60s so I can test that refresh_token is working more quickly than waiting 24h.
If I do a test in the online interface (https://manage.auth0.com/dashboard/us/nodabl-dev/apis/5c8475d783cfc512271f6ae7/test), I see that taking effect; I get an expires of 60s as expected:
curl --request POST \
  --url https://nodabl-dev.auth0.com/oauth/token \
  --header 'content-type: application/json' \
  --data '{"client_id":"y0R78ehphDKkoYjRkYBTAUlgkMbwfb7L","client_secret":"…","audience":"https://nodabl-dev.auth0.com/api/v2/","grant_type":"client_credentials"}'
Response:
..."expires_in":60,"token_type":"Bearer"}
However, my app is set to do custom login flow using the nextjs-auth0 module:
GitHub - Enalmada/nextjs-auth0: Next.js SDK for signing in with Auth0 (Experimental) (fork with some pull requests merged in)
My app redirects to login pages like so:
https://nodabl-dev.auth0.com/authorize?client_id=7OIXRahzY0eRRuP2EkunjQMvvPsjE3d7&scope=openid%20profile%20offline_access&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fcallback&state=yyyy&auth0Client=xxxxx&mode=login
When it returns, my expiresAt is always 24h ahead despite the token being set to 60s.
{ user:
   { nickname: 'adam',
     name: 'adam@...',
     picture:
      'https://s.gravatar.com/avatar/...,
     updated_at: '2019-11-11T20:36:21.821Z',
     sub: 'auth0|...' },
  createdAt: 1573504724682,
  idToken:
   'ey...',
  accessToken: '...',
  refreshToken: '...',
  expiresAt: 1573591124 }