Does anyone know what the expiration period of an OAuth Access Token is?
By default, an access token for a custom API is valid for 86400 seconds (24 hours). We recommend that you set the validity period of your token based on the security requirements of your API. For example, an access token that accesses a banking API should expire more quickly than one that accesses a to-do API.
This can be done using the following steps:
1. Convert expires_in to an expire time (epoch, RFC-3339/ISO-8601 datetime, etc.).
2. Store the expire time.
3. On each resource request, check the current time against the expire time and make a token refresh request before the resource request if the access_token has expired.
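The steps in the answer above, as an added example that is not part of the original answer. `TokenManager`, `refresh_fn` (a stand-in for the call to the token endpoint) and the 30-second `skew` margin are hypothetical names and assumptions; the token response fields follow the OAuth 2.0 token response format.

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class StoredToken:
    access_token: str
    refresh_token: str
    expires_at: float  # absolute epoch seconds, derived from expires_in


class TokenManager:
    """Hypothetical client-side helper; refresh_fn stands in for the token endpoint call."""

    def __init__(self, refresh_fn: Callable[[str], dict],
                 clock: Callable[[], float] = time.time, skew: float = 30.0):
        self._refresh_fn = refresh_fn
        self._clock = clock          # injectable so expiry can be tested offline
        self._skew = skew            # assumed margin for clock drift and latency
        self._token: Optional[StoredToken] = None

    def store(self, response: dict) -> StoredToken:
        # Steps 1 and 2: expires_in is relative to when the response was
        # issued, so convert it to an absolute time immediately and keep that.
        expires_at = self._clock() + float(response["expires_in"])
        # A refresh response may omit refresh_token; keep the old one then.
        refresh = response.get("refresh_token")
        if refresh is None and self._token is not None:
            refresh = self._token.refresh_token
        self._token = StoredToken(response["access_token"], refresh or "", expires_at)
        return self._token

    def is_expired(self) -> bool:
        # Treat the token as expired slightly early so it cannot lapse mid-request.
        return self._token is None or self._clock() >= self._token.expires_at - self._skew

    def get_access_token(self) -> str:
        # Step 3: call this before every resource request.
        if self._token is None:
            raise RuntimeError("no token stored; run the authorization flow first")
        if self.is_expired():
            self.store(self._refresh_fn(self._token.refresh_token))
        return self._token.access_token
```

The resource server can still reject a token that has not reached its stored expiry (for example after revocation), so a 401 response should also trigger a refresh.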
This depends on the organization's policy for the OAuth implementation. Typically the lifetime of the token lasts from several hours to a couple of weeks (OAuth2 documentation). What can be derived from the Amazon (Amazon: Access Tokens), Facebook (Facebook: Expiration and Extension of Access Tokens), Salesforce (Salesforce forum), and Google documentation is that the lifetime of access is usually within 24 hours, typically 1 hour to 2 hours. The refresh token stays alive for a longer period, which is used to invalidate the access token. Furthermore, a short survey of the desired application category would be helpful. For example, I am currently working on an eCommerce app, so I am going to find out how long the lifetime of the access token is in other applications of the same category, like Amazon and Walmart.
Update:
eCommerce applications and payment gateways have an access token lifetime within 10 hours, while social media applications have an access token lifetime of up to six months.