This article clarifies which token's lifetime is represented by the expires_in field in the response from the POST /oauth/token endpoint, which can include an access token, an ID token, and a refresh token.

• Tokens
• Management API
• "POST /oauth/token" Endpoint
• "expires_in" Field

• The token_type and expires_in fields, present in the response of the POST /oauth/token endpoint, are defined in the OAuth 2.0 specification (RFC 6749) section 5.1.
• According to this specification, the expires_in field indicates the lifetime of the access token.