M2M and Web App Token Lifetimes

Overview

This article explains how to give M2M applications a longer access token lifetime and a single-page app a shorter one when the token expiration setting in the API configuration applies to both.

Solution

Currently, there are two separate values that can be set within the API configuration settings to adjust the access token lifetime (expiration time):

  1. Token Expiration (Seconds)

    This is the default setting. It applies to all tokens issued in flows not covered by the setting below.

  2. Token Expiration For Browser Flows (Seconds)

    This setting will adjust the access token lifetime for tokens issued for the API via implicit and hybrid flows.

Currently, it is not possible to set a different expiration for the authorization code and client credentials flows, as both are covered by the first expiration setting outlined above.

The recommended approach is to configure two separate APIs in Auth0, one for the M2M application and one for the user-facing application, so that each API carries its own expiration settings.
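
To confirm the split behaves as intended, the following added example (not Auth0's code) decodes access tokens obtained from each application and compares `exp - iat` with the lifetime expected for the token's audience. The API identifiers and lifetime values are assumed placeholders, and the sample tokens are constructed.

```python
import base64
import json

# Assumed policy: API identifier (audience) -> expected lifetime in seconds.
# Identifiers and values are hypothetical placeholders, not from the article.
EXPECTED_LIFETIME = {
    "https://m2m.example.com/api": 86400,  # API used by the M2M application
    "https://spa.example.com/api": 900,    # API used by the user-facing app
}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(aud, iat, exp):
    """Build a constructed, unsigned JWT-shaped string for the demo."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"aud": aud, "iat": iat, "exp": exp}).encode())
    return f"{header}.{payload}."

def decode_claims(token):
    """Decode the payload segment only. No signature check is done, so this
    is for auditing lifetimes and never for authorization decisions."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-segment JWT")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(seg))

def check_lifetime(token, policy=EXPECTED_LIFETIME):
    """Return (ok, message) comparing exp - iat with the audience's policy."""
    claims = decode_claims(token)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a list
    known = [a for a in audiences if a in policy]
    if not known:
        return False, f"audience {aud!r} is not in the policy"
    if "iat" not in claims or "exp" not in claims:
        return False, "token lacks iat or exp"
    lifetime = claims["exp"] - claims["iat"]
    expected = policy[known[0]]
    if lifetime != expected:
        return False, f"{known[0]}: lifetime {lifetime}s, expected {expected}s"
    return True, f"{known[0]}: lifetime {lifetime}s as expected"

if __name__ == "__main__":
    now = 1700000000  # constructed issue time
    print(check_lifetime(make_sample_token("https://m2m.example.com/api", now, now + 86400)))
    print(check_lifetime(make_sample_token("https://spa.example.com/api", now, now + 86400)))
```

A failing result for the user-facing audience means the application is still requesting the API that carries the long-lived setting.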