Is there an official recommendation for the access token and refresh token lifetime?
(Source/Credits: https://dev.to/ahmedam55/is-there-a-official-recommendation-for-the-access-token-and-refresh-token-life-time-1e6b)
Tags: Refresh Token, Access Token, API, REST
Just a question that I have never found an answer to so far.
Comments section
byrro
•May 1, 2024
What do you mean by "official recommendation"? I'm not aware of any "Token Authority Foundation" setting industry standards... You should consider security, convenience, or any other factors particular to your case.
Is it an internet banking system? I'd set the token to expire in short minutes.
Is it like Facebook that wants to track and know who you are when you visit a page with a "like" widget? Probably would set to expire in months.
ahmedam55 Author
•May 1, 2024
That's really helpful. Thank you so much for your time and effort 😊
sirluis
•May 1, 2024
I never found any "official" guideline. People often recommend that access tokens must be short-lived (min. to hours) and refresh tokens can have a larger lifespan (days, weeks...).
ahmedam55 Author
•May 1, 2024
Thanks for your time and effort. That's really helpful.
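
The split described in the comments (short-lived access token, longer-lived refresh token), as an added example that is not part of the original thread. The token format, the names and the 15-minute / 14-day lifetimes are assumptions chosen for illustration, not a recommendation from any standard.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed value; use a managed secret in practice
# Assumed lifetimes: access = minutes, refresh = days to weeks.
TTL = {"access": 15 * 60, "refresh": 14 * 24 * 3600}


def sign(body: bytes) -> bytes:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()


def issue(sub: str, kind: str, now: int) -> str:
    """Return a signed token whose expiry depends on its kind."""
    claims = {"sub": sub, "typ": kind, "exp": now + TTL[kind]}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (body + b"." + sign(body)).decode()


def verify(token: str, kind: str, now: int) -> dict:
    """Check signature, token type and expiry; raise ValueError on failure."""
    body, _, sig = token.encode().partition(b".")
    if not hmac.compare_digest(sig, sign(body)):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["typ"] != kind:
        raise ValueError("wrong token type")  # a refresh token is not an API credential
    if now >= claims["exp"]:
        raise ValueError("expired")
    return claims


def refresh(refresh_token: str, now: int) -> str:
    """Trade a still-valid refresh token for a new short-lived access token."""
    claims = verify(refresh_token, "refresh", now)
    return issue(claims["sub"], "access", now)
```

A stolen access token is useful only until its short expiry, while the refresh token bounds how long a client can stay signed in without authenticating again.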