Different JWT expiration times based on how they are generated



  • I’d like to have a longer expiration on access tokens issued from the API vs tokens issued from the OpenID Connect workflow.

    Is there a way to override the JWT duration from the API or use different settings for the API?



  • The JWT TTL can be configured per application, so if you were using a different application for OIDC vs an API - then you could do it.

    But if you don't want to use multiple applications, then it is not possible, at least currently.

    I could see a use case for asking for a JWT with a TTL equal to or less than the configuration and that request being honored, that could be a feature request. But as of right now, the only option is different applications.