What are the best practices regarding token expiration


I’ve configured a single-page application with refresh tokens and refresh token expiration. I am curious to know what would be the best practices for setting the ID token expiration, reuse interval, absolute lifetime and inactivity lifetime.

Thank you

Hi @vuscan.marius,

Welcome to the Auth0 Community!

The short answer is that it is case-dependent. Generally, the ID token expiration has a default expiration of 36000 seconds (10 hours). However, if security is a concern, then you can shorten the time period before the token expires. [Reference doc: ID Tokens]

I recommend reviewing our https://auth0.com/docs/secure/tokens/token-best-practices documentation as well.

Please let me know if you have any additional questions. I’d be happy to help!



This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
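Added example, not part of the original thread and not Auth0's code: a simplified JavaScript model of how the four settings named in the question interact when a refresh token is rotated on each use. The function names, the reason strings, the rule that an old token is accepted only inside the reuse interval, and every value except the 36000-second ID token default are assumptions made for illustration.

```javascript
// Simplified model (an assumption, not Auth0's implementation) of a rotating
// refresh token governed by the four lifetimes discussed in the thread.
const policy = {
  idTokenLifetime: 36000,      // seconds; the default cited in the answer
  reuseInterval: 10,           // constructed: grace window for a just-rotated token
  absoluteLifetime: 2592000,   // constructed: hard cap counted from first login
  inactivityLifetime: 1296000, // constructed: longest allowed gap between uses
};

function newSession(now) {
  // `current` is the sequence number of the only valid refresh token.
  return { issuedAt: now, lastUsed: now, rotatedAt: now, current: 1, revoked: false };
}

// Exchange refresh token number `token` at time `now` (seconds).
function refresh(session, token, now, p = policy) {
  if (session.revoked) return { ok: false, reason: "revoked" };
  // Absolute lifetime ends the session no matter how active the user is.
  if (now - session.issuedAt >= p.absoluteLifetime) {
    return { ok: false, reason: "absolute_expired" };
  }
  // Inactivity lifetime ends it when the token has not been used recently.
  if (now - session.lastUsed >= p.inactivityLifetime) {
    return { ok: false, reason: "inactive_expired" };
  }
  if (token !== session.current) {
    // An already-rotated token is tolerated only inside the reuse interval,
    // which covers retries and concurrent tabs of the single-page app.
    const justRotated = token === session.current - 1 &&
      now - session.rotatedAt <= p.reuseInterval;
    if (!justRotated) {
      session.revoked = true; // replay outside the window: revoke the whole family
      return { ok: false, reason: "reuse_detected" };
    }
    session.lastUsed = now;
    return { ok: true, refreshToken: session.current, idTokenExp: now + p.idTokenLifetime };
  }
  // Normal path: rotate, and issue an ID token with the configured expiry.
  session.current += 1;
  session.rotatedAt = now;
  session.lastUsed = now;
  return { ok: true, refreshToken: session.current, idTokenExp: now + p.idTokenLifetime };
}
```

Shortening `idTokenLifetime` limits how long a leaked ID token is accepted, while the two refresh token lifetimes bound how long the session can be extended without a new login.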