However, this is not the only issue. When I receive the tokens and decode them, the ID token does expire in 60 seconds but the access token expires in 1 hour - not the 60 seconds that was stated in the Auth0 Management API.
This is causing an issue with our setup as our developers looking after our Auth0 configuration are setting it as we want, but our native apps are not receiving those values
Why does the access token expiry not follow what I’ve put in the Auth0 Management API
Why does the expires_at value in the Credentials object default to 24 or 12 hours, which is very far off the 60 seconds that we want?
Are you requesting Management API tokens? The token expiry you set in your API settings only applies to tokens issued for that API. Keep in mind, the Management API =/= the Authentication API.
So I was following this documentation to set the access token expiry, which is why I thought Auth0 Management Api (which was the default API when I created the application).
If this is wrong, can you provide more insight into how to get access to the Authentication API.
The documentations (this and this) state it is really simple to change the expiry of the id and access tokens, but only id token is adhered to.
That said, even though access token comes back with 1 hour expiry, the SDK gives back 24 hours. Unfortunately after changing the value in Configure Session Lifetime Settings, the expires at value still comes back as 24 hours.
