Access Token lifetime

Hello there, I have a question about the expiration of the access token that I didn’t find anywhere else, that’s why I come to this topic.

In my app, the access tokens i get have a validity of approximately 10000~15000 seconds in “expires_in”. which is relatively little for what I need.

On this page, it says:

The lifetime of an access token depends on how you acquired the token.

My doubt is; How can I get a token that lasts as long as possible?
Using the OIDC implicit grant flow method:

Does the Access token have a longer lifetime?

Obs: Of course, I will have to refresh the access token with refresh_token when it expires anyway, however, what I want is for it to last longer on its own.

You cannot get a longer lasting token than what you have found.

When an access token expires you use refresh token (if it’s refreshable) to get a new token.

And OIDC JWT (last I checked) cannot be refreshed so you extract the needed user data and away you go. The JWT is just a limited time block of user information (broadly speaking) and can’t be used with endpoints (beyond my info)

You can check how long an access token will last when you acquire the token or by using the validate token endpoint

1 Like

I undestand, however, i noticed that tokens i got when i use this site: Twitch Chat Password Generator
last waay more time than access tokens got in my app.

on the website says " Technical: This application uses the implicit grant flow for the Twitch API to retrieve your token.".

Is there any reason for that diference?

Generally speaking implicit (and client creds) which are not refreshable, are 60 days. And regular/refreshable tokens are 4 hours but refreshable (DCF is different and not going into details on DCF refer to the docs/RFC)

1 Like

So OIDC implicit grant flow tokens lasts 60 days, nice, that is what i need, thank you.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.