Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

OAuth - Access Token expiration period?

Tags:

oauth

twitter

Does anyone know what the expiration period of an OAuth Access Token is?

like image 931
Neil Knight Avatar asked Jul 06 '10 10:07

Neil Knight


People also ask

How long is an access token valid?

By default, an access token for a custom API is valid for 86400 seconds (24 hours). We recommend that you set the validity period of your token based on the security requirements of your API. For example, an access token that accesses a banking API should expire more quickly than one that accesses a to-do API.

How can I check my OAuth token expiry date?

This can be done using the following steps: convert expires_in to an expire time (epoch, RFC-3339/ISO-8601 datetime, etc.) store the expire time. on each resource request, check the current time against the expire time and make a token refresh request before the resource request if the access_token has expired.


1 Answers

This depends on the organization policy for the Oauth implementation. Typically the lifetime of the token last from several hours to couples of weeks oauth2 Documentation. What can be derived from the Amazon Amazon: Access Tokens, Facebook Facebook:Expiration and Extension of Access Tokens, Salesforce salforce forum, and google documentation is the lifetime of access is usually within 24 hours, typically, 1 hour to 2 hours. The refresh token stay alive for longer period which is used to invalidate the access token. furthermore, A short survey of the desired category application would be helpful. For example, I am currently working on eCommerce app, so, I am going to find out how long is the lifetime of the access token in the other application of the same category like Amazon and wallmart.

Update:

eCommerce applications and payment gateways has the access token lifetime within 10 hours. while, Social media applications has access token lifetime up to six months.

enter image description here

like image 60
Irfan Ul Haq Avatar answered Sep 19 '22 17:09

Irfan Ul Haq