I have successfully enabled Auth0 for my AngularJs client application and I am using the Auth0 token to security access my C# Web API. I am not working on making calls from my API to the Google API in order to read my users calendar and other scopes they agreed to.
I followed the tutorials and I have successfully retrieved my user’s Google access_token by calling the Auht0 management API.
When does that access_token expire? I noticed that in the list of Identities, the google-oauth2 entry has an “expires_in” field that is equal to 3599.
Can this value be used?
Is it seconds or minutes?
It is 3599 from what? Is it from the user’s last Auth0 login date time?
Essentially, I am trying to figure out if I can look at that time and realize that the Google access_token has expired and get a new one.
As you can see here:
-
Identity Provider Access Tokens
Since this token is a third-party access token, the vality (hence, the expiration time) is managed by the IdP (in your case, Google OAuth 2.0)
The number in expires_in
is in seconds and refer to the lifetime of the token.
You have the option for renew or revoke the token, as is shown here:
Thanks so much for your response! I have two follow up questions.
Your explanation was as I had guessed, and that number is the number of seconds my token is valid for. But, when was the starting time? Is it from now or from when the user last logged into Auth0?
I am already pulling my idp tokens from api/users endpoint. I see that I need to add the access_type=offline to my request to get that to work. I am using this AngularJS client and I don’t know where to set that option. Do you have any idea?
The starting time is when the token is generated, meaning when you call the endpoints /authorize
or /oauth/token
, so, when you make the API call, the token is generated and that token will be valid for the amount of seconds that the field expires_in
is set to.
Are you using Lock? if so, the access_type=offline
is added as an extra param in the auth.params
object in the options
(As shown here: https://auth0.com/docs/libraries/lock/v10/customization#auth-object-)
If you are using Auth0.js, you set the option in WebAuth
, you can follow this quickstart to see the options.
Thanks. I realized yesterday I was user V9. I upgraded to v!0 and I was able to set the access_type correctly.