JWT expiration 2 hours regardless of ID Token Expiration setting

I have a Single Page Application, and under the Application Settings -> Application Tokens -> ID Token Expiration, I set the value to 86400.

However, the JWT received after the code exchange flow only has a 2 hour expiresIn value. Why is that?

Hey there!

Not sure what is happening here. Let me research that!

1 Like

Hi there!

I am facing the same issue. Was there a solution to this?

Best,
John.

@konrad.sopala do you have any update?

The expires_in response parameter which an SDK is likely mapping to expiresIn applies to the expiration of the access token (it is not the expiration of the ID token)

Thanks. Is there a way to increase the timeout of the access token, without renewing the session?

Technically yes but it’s not advisable:

You should be using short-lived tokens to minimize security risks.

Thank you. After the 2 hour expiration of the access token, can I renew it using the method webAuth.checkSession, or do I have to call webAuth.authorize()? (https://auth0.com/docs/libraries/auth0js/v9)

Currently, I have a silent auth flow, and if the parseHash comes back with an error of login_required, I am calling webAuth.authorize() again without prompt: "none". I am wondering, in the case of this error, that I should try doing webAuth.checkSession to renew the access token?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.