I am getting code, state but there is no expires_in time
Response :
codeU0pDMTFQMDFQQVM...... state:RINGCENTRAL
Can u help me how to get expires_in and what is the lifetime of authorization code
Authorization code TTL is now 5 minutes by default. OAuth spec (RFC 6749) does not define any attribute to pass expires_in for authorization code. We will consider implementing it as an extension.
I think you are talking about authorization code flow. As far as I can tell, authorization code expires very quickly. You should exchange it for access_token as soon as you can.
"The authorization code must expire shortly after it is issued. The OAuth 2.0 spec recommends a maximum lifetime of 10 minutes, but in practice, most services set the expiration much shorter, around 30-60 seconds."
Ref: https://www.oauth.com/oauth2-servers/authorization/the-authorization-response/
As authorization codes are short-lived and for single-use, they are implement as self encoded and is used quickly as one can.
They also cannot be stored in db neither encouraged to do that
3 People are following this question.
