I am just wondering if there is a way to insert the property expires_in in a valid OAUTH response with an access token. The presence of expires_in is recommended by OAUTH but could be rather important for some applications.
From what I can see from analysing (protocol/openid-connect/token/introspect) the access tokens I get on my keycloak v20.0.x, it contains only the property exp.
Thanks in advance.
Seems that you’re mixing up the server response itself and the token.
The response contains the expires_in attribute, the tokens not, as expires_in is not a standard OIDC token claim, but only a response attribute. expires_in is in the response at the same level as access_token or id_token.
The tokens contain the exp claim, as defined in the JWT spec, because they are in JWT format.
So, everything is working properly like expected.
1 Like
You are perfectly right. Sorry for the mix-up
1 Like