Hi everyone,
I have read many posts about API authentication and people having issues when configuring M2M token lifetime.
Thanks to these posts, I have found a way to configure it:
-
go to “Applications → APIs → the specific API → settings → Token Settings”
-
set the “Token Expiration” parameter
This may look dumb to list those steps here, but I spent quite some time figuring them out.
What I was doing instead was:
-
“Applications → Applications → the corresponding Machine to Machine application → Settings → ID Token”
-
Set the ID Token Expiration
This second parameter is not the one I wanted to set (for dev purposes, I wanted to set a very short token lifetime, so I could verify my token renewal code was OK).
I am using Terraform with the official auth0 module.
When configuring a auth0_client, the jwt_configuration bloc sets the ID Token Expiration (the second one).
My questions:
-
Using Terraform, how can I configure the “correct” token lifetime (by “correct” I mean “the one I mentioned first”)?
-
(bonus) I’d like to understand the difference between those two tokens (I have read that one is an ID Token and the other one is an Access Token… well that doesn’t bring much light to me)
Best regards
Fred
PS: BTW why can’t I set the tags I want for this post like “m2m” and “token-expiration” as I can see on some posts?
