I’ve configured a single-page application with refresh tokens and refresh token expiration. I am curious to know what would be the best practices for setting the ID token expiration, reuse interval, absolute lifetime and inactivity lifetime.
Welcome to the Auth0 Community!
The short answer is that it is case-dependent. Generally, the ID token expiration has a default expiration of 36000 seconds (10 hours). However, if security is a concern, then you can shorten the time period before the token expires. [Refence doc: ID Tokens]
I recommend reviewing our https://auth0.com/docs/secure/tokens/token-best-practices documentation as well.
Please let me know if you have any additional questions. I’d be happy to help!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.