Access Token Does not Contain Expiration Time

Sessions
Sep 10, 2025
Overview
After a successful login, the access token returned does not have an exp claim to indicate the expiration. Is there a way to determine when the access token will expire?
Cause
There is no exp claim if the access token is an Opaque access token. 
Solution
Opaque Access Tokens are intended to be used at the /userinfo endpoint, and will not have the standard claims of a regular JWT access token. An opaque access token is returned if an audience parameter with an API identifier is not included in the /authorize request.

Access tokens issued strictly for the purpose of accessing the OIDC /userinfo endpoint have a default lifetime and can't be changed. The length of lifetime depends on the flow used to obtain the token:
FlowLifetime
Implicit7200 seconds (2 hours)
Authorization Code/Hybrid        86400 seconds (24 hours)

Recommended content

No recommended content found...
Need more help? Visit the Community
Visit the Auth0 Community