How to set access token expiry differently for different applications?

Hi Guys

We have a web app and a mobile app that is connected to Auth0. The 2 apps make use of the “audience” when generating an access token against an API and the expiry time of the access token is set according to the API. But there are situations where we want to have separate access token expiry times for both of the applications. Is this possible?

@dan.woda

Hi @mohd.ilyas,

it’s not possible to set the expiration dynamically based on client id, i.e. via Rule.

@mathiasconradt But can we create 2 different APIs and use one for mobile and one for web. Do you see any issue with this approach? I think we might need to put an extra check when verifying that access token?

Sure, that’s possible. Token expiration is set on API level, so that would work. Of course it’s a bit more inconvenient for you having to handle and verify tokens for two different audiences, though they in the end relate to the very same resource server / API of yours.

2 Likes

@mathiasconradt Yes, you are right.

1 Like