In our NextJS app (with next-auth library), the user session is good for 30 days. However, the API access token is only valid for 24 hours.
Where in Auth0 Dashboard can I change API token expiration? “Token expiration for browser flows” won’t let me set a value more than 86,400 (24 hrs).
Hey there @nacho!
24 hours is the max and can’t be changed - Please note that this only applies to implicit or hybrid flows as outlined here.
The Token Expiration For Browser Flows (Seconds) field refers to access tokens issued for the API via implicit and hybrid flows and does not cover all flows initiated from browsers. For example, the PKCE flow (used in auth0-js-spa SDK) can be initiated from the browser, but it refers to the Token Expiration not the Token Expiration For Browser Flows value.