Specifying the expiration of M2M JWT Token

aza · June 10, 2021, 5:57am

Can the expiration of a M2M JWT token be configured at the Application level, rather than at the API entity level?

Can the jwt_configuration.lifetime_in_seconds be specified during the client creation call (for an M2M app) for this purpose?

Thanks!

john.gateley · June 10, 2021, 1:06pm

Hi @aza

It cannot. If you need a different lifetime, you should define a different API in Auth0.

John

aza · June 10, 2021, 4:34pm

Thank you @john.gateley for your answer.

Is it common to map multiple API entities are mapping to the same underlying Resource Server - just with differing JWT expirations? For example, multiple API entities mapping to api.mycompany.com?

john.gateley · June 11, 2021, 1:39pm

Hi @aza

The API defined in Auth0 is an abstraction. It is not necessarily tied to a real API.
So yes, this use case is fairly common.
Just make sure your real API verifies all access tokens properly, enforcing the different security contexts (of the different Auth0 APIs) properly.

John

Topic		Replies	Views
"token expiration" for M2M authentication with Terraform? Help management-api , clients	4	1400	September 22, 2023
M2M and Web App Token Lifetimes Knowledge Articles token , m2m-tokens , token-lifetime , api-token	1	200	June 5, 2024
M2M Token Renewal based on expiry date Help m2m-tokens	2	3640	April 19, 2023
PKCE vs credentials grant token lifetime Help jwt , implicit-grant , client-credentials-g	6	3039	May 19, 2021
Change access token expiration based on usage Help apis , application	4	30	September 26, 2024

Specifying the expiration of M2M JWT Token

Related Topics