expires_in

Java Architecture Diary

Apr 7, 2020 · Information Security

Why OAuth2 Tokens Miss expires_in and How Spring Security Handles It

The article examines why the demo environment of pig4cloud returns an OAuth2 access token without the expires_in field, contrasts it with a local deployment, analyzes the Spring Security OAuth2 token generation code, and explains that according to the OAuth2 specification the expires_in parameter should be returned even for permanently valid tokens.