Hello,
I’ve configured a single-page application with refresh tokens and refresh token expiration. I am curious to know what would be the best practices for setting the ID token expiration, reuse interval, absolute lifetime and inactivity lifetime.
Thank you
Hi @vuscan.marius,
Welcome to the Auth0 Community!
The short answer is that it is case-dependent. Generally, the ID token expiration has a default expiration of 36000 seconds (10 hours). However, if security is a concern, then you can shorten the time period before the token expires. [Refence doc: ID Tokens]
I recommend reviewing our Token Best Practices documentation as well.
Please let me know if you have any additional questions. I’d be happy to help!
Thanks,
Rueben