JWT Not Respecting Session Lifetime Configured in the Okta Sign On Policy
API Access Management
Okta Classic Engine
Okta Identity Engine
Overview

The JSON Web Token (JWT) expires after 60 minutes, even though the Sign On Policy has a Session Lifetime of a different value (for example, 120 minutes).

Applies To
  • OpenID Connect (OIDC)/OAuth
  • JSON Web Token (JWT)
  • Okta Classic Engine
  • Okta Identity Engine (OIE)
Cause

The JWT validity/lifetime is independent of the Session Lifetime defined in any of the Okta Sign-On Policies. To change the JWT validity/lifetime, it must be modified in the Authorization Server configuration, which requires the API Access Management feature. Default values for JWT can be found in the Token lifetime article.

Solution

To modify the JWT validity/lifetime, the access policy/rule must be modified in the Authorization Server settings. To do this, navigate to Okta Admin Console > Security > API > Authorization Server > Access Policy > Rule.

More details on how to modify Access Policies and Rules can be found in Create access policies documentation.
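
To confirm that a newly issued token carries the lifetime set in the access rule rather than the Sign On Policy session lifetime, compare its `iat` and `exp` claims. The following is an added example, not Okta's code; the function names are hypothetical and the sample token is constructed and unsigned.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_lifetime_minutes(jwt: str) -> float:
    """Return (exp - iat) in minutes from the JWT payload.

    Inspection only: the signature is NOT verified here, so never use this
    result to make an authorization decision.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three segments")
    claims = json.loads(b64url_decode(parts[1]))
    for name in ("iat", "exp"):
        if not isinstance(claims.get(name), (int, float)):
            raise ValueError(f"missing or non-numeric '{name}' claim")
    return (claims["exp"] - claims["iat"]) / 60


def check_lifetime(jwt: str, expected_minutes: int) -> bool:
    """True when the token's lifetime matches the access rule's value."""
    return token_lifetime_minutes(jwt) == expected_minutes


def make_sample_token(iat: int, lifetime_minutes: int) -> str:
    """Build a constructed, unsigned sample token (placeholder signature)."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "RS256", "kid": "constructed-sample"}
    payload = {"iat": iat, "exp": iat + lifetime_minutes * 60}
    return f"{enc(header)}.{enc(payload)}.c2ln"


if __name__ == "__main__":
    session_lifetime = 120  # minutes, the Sign On Policy value from the Overview
    token = make_sample_token(iat=1700000000, lifetime_minutes=60)
    print("token lifetime (min):", token_lifetime_minutes(token))
    print("matches session lifetime:", check_lifetime(token, session_lifetime))
```

Run it against a token requested after the rule change; a result of 60 means the token still reflects the lifetime described in the Overview rather than the updated rule.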
