I’ve got an application that sends Auth0 client credentials and receives a token in return which can be used later on to access a protected resource. Now I’ve set the expiration time of the token to 60 seconds as demonstrated in the picture below, and yes I did press save. Also, I included an image of my console containing the output of the post request to retrieve the token, and you can see clearly that it states its expiration in 60 seconds. The problem is when I initiate a request to access the protected resource after the elapsed time, 60 seconds, it still works! So, am I missing a critical configuration part or what?!
I don’t precisely trigger a request after the passage of 60 seconds; I wait for about a minute or two later just to be sure.
I can’t really share the full token but here are the parts you could make use of:
"exp": 1504779400, "iat": 1504779340, "scope": "read:resource_servers update:resource_servers"
BTW, I’m using Kong – https://getkong.org/ to use the tokens after retrieving them to access my protected resources.
And to be honest I’m not really sure about the consumers part, so in general could that have contributed to this problem?!
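A way to check the token side of this independently of the gateway, as an added example that is not part of the original post: it reads the claims from a JWT and applies the `exp` comparison a verifier has to make. The token is constructed here from the claims quoted above with a placeholder signature; `read_claims` and `expiry_report` are hypothetical helper names, and the signature is deliberately not verified because this is for diagnosis only.

```python
import base64
import json
import time

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def read_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))

def expiry_report(token: str, now=None, leeway: int = 0) -> dict:
    """Apply the RFC 7519 rule: a token is only valid while now < exp (+ leeway)."""
    claims = read_claims(token)
    now = int(time.time()) if now is None else now
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)):
        # No usable exp claim: nothing bounds the lifetime, so fail closed.
        return {"lifetime": None, "expired": True, "seconds_past_exp": None}
    return {
        "lifetime": exp - iat if isinstance(iat, (int, float)) else None,
        "expired": now >= exp + leeway,
        "seconds_past_exp": max(0, now - exp),
    }

# Constructed sample: claims copied from the post, header and signature are placeholders.
SAMPLE_CLAIMS = {"exp": 1504779400, "iat": 1504779340,
                 "scope": "read:resource_servers update:resource_servers"}
SAMPLE_TOKEN = ".".join([
    b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    b64url_encode(json.dumps(SAMPLE_CLAIMS).encode()),
    b64url_encode(b"constructed-placeholder-signature"),
])

if __name__ == "__main__":
    issued = SAMPLE_CLAIMS["iat"]
    print(expiry_report(SAMPLE_TOKEN, now=issued + 30))   # inside the 60 s window
    print(expiry_report(SAMPLE_TOKEN, now=issued + 120))  # two minutes after issue
```

If this reports the token as expired while the gateway still accepts it, the issuer setting is working and the expiry check is missing on the verifying side. Kong's JWT plugin makes this comparison only when `exp` is listed in its `config.claims_to_verify` setting.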