Skip to main content
To homepage To homepage
Question

authorization code Expire time

  • June 5, 2017
  • 3 replies
  • 3051 views
H

I am getting code, state but there is no expires_in time

Response :

codeU0pDMTFQMDFQQVM...... state:RINGCENTRAL

Can u help me how to get expires_in and what is the lifetime of authorization code

3 replies

A
Employee
Authorization code TTL is now 5 minutes by default. OAuth spec (RFC 6749) does not define any attribute to pass expires_in for authorization code. We will consider implementing it as an extension.
T
Employee
I think you are talking about authorization code flow. As far as I can tell, authorization code expires very quickly. You should exchange it for access_token as soon as you can. 
A

"The authorization code must expire shortly after it is issued. The OAuth 2.0 spec recommends a maximum lifetime of 10 minutes, but in practice, most services set the expiration much shorter, around 30-60 seconds."

Ref: https://www.oauth.com/oauth2-servers/authorization/the-authorization-response/


As authorization codes are short-lived and for single-use, they are implement as self encoded and is used quickly as one can.

They also cannot be stored in db neither encouraged to do that


Terms & ConditionsCookie settingsAccessibility statement
PRODUCTS
RingEX
Message
Video
Phone
OPEN ECOSYSTEM
Developer Platform
APIs
Integrated Apps
App Gallery
Developer support
Games and rewards

RESOURCES
Resource center
Blog
Product Releases
Accessibility
QUICK LINKS
App Download
RingCentral App login
Admin Portal Login
Contact Sales
© 1999-2024 RingCentral, Inc. All rights reserved. Privacy Notice