question

hambrise-alan5624 avatar image
hambrise-alan5624 asked ·

authorization code Expire time

I am getting code, state but there is no expires_in time 
Response : 
codeU0pDMTFQMDFQQVM...... state:RINGCENTRAL
Can u help me how to get expires_in and what is the lifetime of authorization code
General Topic
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

anton-nikitin avatar image
anton-nikitin answered ·
Authorization code TTL is now 5 minutes by default. OAuth spec (RFC 6749) does not define any attribute to pass expires_in for authorization code. We will consider implementing it as an extension.
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Tyler Liu avatar image
Tyler Liu answered ·
I think you are talking about authorization code flow. As far as I can tell, authorization code expires very quickly. You should exchange it for access_token as soon as you can. 
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Anirban avatar image
Anirban answered ·

"The authorization code must expire shortly after it is issued. The OAuth 2.0 spec recommends a maximum lifetime of 10 minutes, but in practice, most services set the expiration much shorter, around 30-60 seconds."

Ref: https://www.oauth.com/oauth2-servers/authorization/the-authorization-response/


As authorization codes are short-lived and for single-use, they are implement as self encoded and is used quickly as one can.

They also cannot be stored in db neither encouraged to do that


1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.