I am receiving a profile with an id token and have set the id token expiration time for 30days and I want to logout the user immediately after he is deleted from the database since the id token expiration time is soo high and since its also a requirement I cant reduce it.
Whats are the solutions to this problem?
ID Tokens are self-contained JWT tokens, and if your logic depends on the ID tokens: do you really need such long token expiration time, and/or do you need these ID tokens at all or can’t you just rely on short-lived access (and refresh) tokens where you fetch the user info from the /userinfo endpoint with the access token instead?
Can you elaborate why the long expiration time is a requirement? What’s the thought behind it?
1 Like
because user is getting logged out after 24 hrs
Ok, but I don’t understand how these 24hrs relate to the ID token expiration of 30 days.