'Why both expires_in and access_token.exp in OAuth2 Access Token Response?

They are basically the same time (now+expires_in = access_token.exp).
So why it's returned twice?

oauth-2.0access-token


Solution 1:[1]

Because then you do not have to calculate the actual expiration date yourself, if you want to know it.

If you know a calculation is going to be done by the majority of your consumers and doesn't negatively impact performance in a significant way, why not do it yourself and save thousands (or maybe even hundreds of thousands) of consumers the need to code that calculation?

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Chrotenise

Related Questions

Sending the bearer token with axios

Rails authentication strategy

How to set token in authorization header in flutter Dio post request

Unable to access private repositoryusing github API

How to use access_token to authenticate SPA with Laravel 5.4

Error APNS device token not set before retrieving FCM Token for Sender ID

How to access tokens stored in local storage?

Auth2 implementation for JAVA EWS existing project

Validate UserIdentityToken with Javascript

Azure : How to i get the Refresh Token ? using Curl when the Output of the connection only gives Access Token

Invalid signature while validating Azure ad access token, but id token works

JMeter Test case to login over dynamic CRM

[Authorize(Roles="xx") seems no working in asp.net web api

node-oidc-provider access token format

Response from Microsoft identity provider getting delayed when implemented Open Id Connect in Angular and hence unable to login