Specifying the expiration of M2M JWT Token

Can the expiration of a M2M JWT token be configured at the Application level, rather than at the API entity level?

Can the jwt_configuration.lifetime_in_seconds be specified during the client creation call (for an M2M app) for this purpose?

Thanks!

Hi @aza

It cannot. If you need a different lifetime, you should define a different API in Auth0.

John

Thank you @john.gateley for your answer.

Is it common to map multiple API entities are mapping to the same underlying Resource Server - just with differing JWT expirations? For example, multiple API entities mapping to api.mycompany.com?

Hi @aza

The API defined in Auth0 is an abstraction. It is not necessarily tied to a real API.
So yes, this use case is fairly common.
Just make sure your real API verifies all access tokens properly, enforcing the different security contexts (of the different Auth0 APIs) properly.

John