
Does OAuth recommend or require request/access tokens to have a specific min/max lifetime? If not, how does one know if the tokens are actually secured?

Thanks

Kar

1 Answer


For OAuth 2, access token expiration is strongly recommended.

In the spec for access token response, it says:

expires_in:

RECOMMENDED. The lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated. If omitted, the authorization server SHOULD provide the expiration time via other means or document the default value.

Community
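How a client can act on the `expires_in` field quoted in the answer above, as an added example that is not part of the original answer: it turns the lifetime into an absolute expiry and falls back to a documented default when the field is omitted. The function names, the 3600-second default and the 30-second margin are assumptions made for illustration.

```python
import json
import time

# Assumption: fallback lifetime taken from the authorization server's
# documentation, used only when the response omits expires_in.
DOCUMENTED_DEFAULT_LIFETIME = 3600
# Assumption: stop using the token this many seconds early to absorb
# network latency and clock drift.
EXPIRY_MARGIN = 30


def parse_token_response(body, received_at, default_lifetime=DOCUMENTED_DEFAULT_LIFETIME):
    """Return (access_token, expires_at) from a JSON token response body."""
    data = json.loads(body)
    token = data.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("token response has no access_token")
    lifetime = data.get("expires_in")
    if lifetime is None:
        # expires_in is RECOMMENDED, not REQUIRED, so it can be absent.
        lifetime = default_lifetime
    # Tolerate a numeric string as well as a JSON number.
    if isinstance(lifetime, str) and lifetime.isdigit():
        lifetime = int(lifetime)
    # bool is rejected explicitly because it is a subclass of int in Python.
    if isinstance(lifetime, bool) or not isinstance(lifetime, int) or lifetime <= 0:
        raise ValueError("expires_in must be a positive number of seconds")
    # The lifetime counts from when the response was generated; the time of
    # receipt is the closest value the client has.
    return token, received_at + lifetime


def is_usable(expires_at, now, margin=EXPIRY_MARGIN):
    """True while the token is inside its lifetime minus the safety margin."""
    return now < expires_at - margin


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real server.
    with_expiry = '{"access_token": "example-token", "token_type": "Bearer", "expires_in": 3600}'
    without_expiry = '{"access_token": "example-token", "token_type": "Bearer"}'
    t0 = int(time.time())
    for body in (with_expiry, without_expiry):
        token, expires_at = parse_token_response(body, received_at=t0)
        print(expires_at - t0, is_usable(expires_at, now=t0 + 3590))
```
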