"token expiration" for M2M authentication with Terraform?

Hi everyone,

I have read many posts about API authentication and people having issues when configuring M2M token lifetime.

Thanks to these posts, I have found a way to configure it:

  1. go to “Applications → APIs → the specific API → settings → Token Settings”

  2. set the “Token Expiration” parameter

This may look dumb to list those steps here, but I spent quite some time figuring them out.

What I was doing instead was:

  1. “Applications → Applications → the corresponding Machine to Machine application → Settings → ID Token”

  2. Set the ID Token Expiration

This second parameter is not the one I wanted to set (for dev purposes, I wanted to set a very short token lifetime, so I could verify my token renewal code was OK).

I am using Terraform with the official auth0 module.

When configuring a auth0_client, the jwt_configuration bloc sets the ID Token Expiration (the second one).

My questions:

  • Using Terraform, how can I configure the “correct” token lifetime (by “correct” I mean “the one I mentioned first”)?

  • (bonus) I’d like to understand the difference between those two tokens (I have read that one is an ID Token and the other one is an Access Token… well that doesn’t bring much light to me)

Best regards

Fred

PS: BTW why can’t I set the tags I want for this post like “m2m” and “token-expiration” as I can see on some posts?

Hey there @frederic.triquet welcome back to the community!

You’ll want to use the auth0_resource_server resource - Specifically token_lifetime.

The easiest way to think about this is that ID tokens are tied to authentication (who you are) whereas access tokens are tied to authorization (allow access to a resource). Here’s a great video and corresponding blog that do a great job explaining the two.

FWIW, there is no reason for an ID token to be involved in your use case and you can pretty much ignore the ID token lifetime altogether.

1 Like

Thanks a lot, that is a perfect answer.

Hey there everyone! :wave:t3:

I thought I’m gonna chime in with something that might be of your interest! We’re hosting an Ask Me Anything Session in our Forum regarding Auth0 Terraform Provider.

It’s gonna be on Thursday, September 28, 2023. Check out more info about it here!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.