I have read many posts about API authentication and people having issues when configuring M2M token lifetime.
Thanks to these posts, I have found a way to configure it:
go to “Applications → APIs → the specific API → settings → Token Settings”
set the “Token Expiration” parameter
This may look dumb to list those steps here, but I spent quite some time figuring them out.
What I was doing instead was:
“Applications → Applications → the corresponding Machine to Machine application → Settings → ID Token”
Set the ID Token Expiration
This second parameter is not the one I wanted to set (for dev purposes, I wanted to set a very short token lifetime, so I could verify my token renewal code was OK).
I am using Terraform with the official auth0 module.
When configuring a
jwt_configuration bloc sets the ID Token Expiration (the second one).
Using Terraform, how can I configure the “correct” token lifetime (by “correct” I mean “the one I mentioned first”)?
(bonus) I’d like to understand the difference between those two tokens (I have read that one is an ID Token and the other one is an Access Token… well that doesn’t bring much light to me)
PS: BTW why can’t I set the tags I want for this post like “m2m” and “token-expiration” as I can see on some posts?
@frederic.triquet welcome back to the community!
You’ll want to use the
resource - Specifically
The easiest way to think about this is that ID tokens are tied to
authentication (who you are) whereas access tokens are tied to authorization (allow access to a resource). Here’s a great video and corresponding blog that do a great job explaining the two.
FWIW, there is no reason for an ID token to be involved in your use case and you can pretty much ignore the ID token lifetime altogether.
Thanks a lot, that is a perfect answer.
Hey there everyone!
I thought I’m gonna chime in with something that might be of your interest! We’re hosting an Ask Me Anything Session in our Forum regarding Auth0 Terraform Provider.
It’s gonna be on Thursday, September 28, 2023. Check out more info about it here!
Ask Me Anything with Auth0 Terraform Provider
The Auth0 Community is excited to invite you to our next interactive online Ask Me Anything (AMA) session on Thursday, September 28, 2023, featuring the Auth0 Terraform Provider Product Team.
Did you know that the Auth0 Terraform Provider offers a streamlined way to manage Auth0 configurations using Infrastructure as code, allowing for easy version control, automation, and integration into existing DevOps pipelines? No matter where you are in your j…
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.