Skip to content

Instantly share code, notes, and snippets.

@laser

laser/access-token-lifespan.md

Last active April 1, 2016 18:14
Show Gist options
  • Save laser/3d9b63c5f6b415e14538e514ae763ce5 to your computer and use it in GitHub Desktop.
Save laser/3d9b63c5f6b415e14538e514ae763ce5 to your computer and use it in GitHub Desktop.
Download ZIP
How long should access tokens (implicit grant) last for?
Raw
access-token-lifespan.md

Fitbit

https://dev.fitbit.com/docs/oauth2/

Access tokens from the Implicit Grant Flow are longer lived than tokens from the Authorization Code Grant flow. Users may specify the lifetime of the access token from the authorization page when an application uses the Implicit Grant flow. The access token lifetime options are 1 day, 1 week, and 30 days. Applications can pre-select a token lifetime option, but the user ultimately decides.

Facebook

https://developers.facebook.com/docs/facebook-login/access-tokens#usertokens

Short-lived tokens usually have a lifetime of about an hour or two, while long-lived tokens usually have a lifetime of about 60 days.

Drahak

https://componette.com/drahak/oauth2/

//redirect_uri/#access_token=AnlSCIWYbchsCc5sdc5ac4caca8a2&expires_in=3600&token_type=bearer

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment