Hi,
I have a problem with id_token expiration time (very short for my configuration) was created from refresh_token.
My configuration ID Token Expiration is 2592000 ~ 30 days (image attached below).
But the expiration time of id_token created from refresh_token is only about 4 days:
Excepted:
curl --location --request POST 'https://avacus-develop.auth0.com/oauth/token' \ --header 'Content-Type: application/json' \ --header 'Cookie: did=s%3Av0%3Ab32e98f0-eba8-11ea-a5c5-eb2ad18f2392.JPoW4WC3Nr1QHfqaSOkzgolo3Q%2B9odRCQp1Br3iojug; did_compat=s%3Av0%3Ab32e98f0-eba8-11ea-a5c5-eb2ad18f2392.JPoW4WC3Nr1QHfqaSOkzgolo3Q%2B9odRCQp1Br3iojug' \ --data-raw '{ "grant_type": "refresh_token", "refresh_token": "nFYr56LJaqOSgpWypEztyHmVENjjXmv6HfG6ine-MUoH3", "client_id": "Y5SQ0gPgsDgxriwSih5f6I5vMjPilHhn" }'
Response:
{
“access_token”: “hidden”,
“id_token”: “eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuaWNrbmFtZSI6ImhpZGRlbiIsIm5hbWUiOiJoaWRkZW4iLCJwaWN0dXJlIjoiaGlkZGVuIiwidXBkYXRlZF9hdCI6IjIwMjAtMDktMDFUMDM6MTQ6NTkuNDk4WiIsImVtYWlsIjoiaGlkZGVuIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsInBob25lX251bWJlciI6ImhpZGRlbiIsImlzcyI6Imh0dHBzOi8vbXktYXBwLmF1dGgwLmNvbS8iLCJzdWIiOiJoaWRkZW4iLCJhdWQiOiJoaWRkZW4iLCJpYXQiOjE1OTg5NDU1MTMsImV4cCI6MTU5OTI0NTUxM30.TdHBxTA6y9E8PycPEiSrIPwFSi0ehDajkEJznL5c-Gs”,
“scope”: “openid profile email address phone offline_access”,
“expires_in”: 86400,
“token_type”: “Bearer”
}
JWT decode id_token:
{ "nickname": "hidden", "name": "hidden", "picture": "hidden", "updated_at": "2020-09-01T03:14:59.498Z", "email": "hidden", "email_verified": true, "phone_number": "hidden", "iss": "https://my-app.auth0.com/", "sub": "hidden", "aud": "hidden", "iat": 1598945513, "exp": 1599245513 }