Lifetime of Okta-Minted JSON Web Tokens (JWT)
Overview

This article explains the default and configurable lifetimes of Okta-minted JSON Web Tokens (JWT) for both Org and Custom Authorization Servers.
 

Applies To
  • OpenID Connect/OAuth 2.0 applications
  • API Access Management
  • JSON Web Tokens (JWT)
  • Org Authorization Server
  • Custom Authorization Server
  • Default Custom Authorization Server
  • Okta Classic Engine
Solution

The lifetime of a JWT depends on the type of authorization server that issued it.

 

Org Authorization Server

When using the built-in Org Authorization Server, the token lifetimes are hard-coded and cannot be modified. The values are as follows:

  • ID Token: 60 minutes.
  • Access Token: 60 minutes.
  • Refresh Token: 90 days.

Custom Authorization Server

When using a Custom Authorization Server or the Default Custom Authorization Server, token lifetimes are configurable within specific ranges.

 

| Token Type | Minimum Lifetime | Maximum Lifetime | Configuration Method |
|---|---|---|---|
| ID Token | 5 minutes | 24 hours | Token Inline Hook |
| Access Token | 5 minutes | 24 hours | Access Policies or Token Inline Hook |
| Refresh Token | 10 minutes | Unlimited | Access Policies |
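
The following Python is an added example, not part of the original article and not Okta code: it derives an ID or access token's lifetime from its `iat` and `exp` claims and compares it with the bounds listed above, which is a quick way to confirm that a policy or inline hook change took effect. The function names and sample tokens are constructed for illustration, the tokens are assumed to carry both claims, and no signature validation is performed.

```python
import base64
import json

# Bounds in seconds, from the article: the Org Authorization Server is fixed
# at 60 minutes; Custom Authorization Servers allow 5 minutes to 24 hours.
LIMITS = {
    ("org", "id"): (3600, 3600),
    ("org", "access"): (3600, 3600),
    ("custom", "id"): (300, 86400),
    ("custom", "access"): (300, 86400),
}

def _segment(obj):
    """Base64url-encode a JSON object without padding, as JWTs do."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample(iat, exp):
    """Constructed sample token; the signature segment is a dummy."""
    return ".".join([_segment({"alg": "RS256"}), _segment({"iat": iat, "exp": exp}), "c2ln"])

def jwt_lifetime(token):
    """Return exp - iat in seconds. Inspection only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if "iat" not in claims or "exp" not in claims:
        raise ValueError("iat/exp missing, lifetime cannot be derived")
    return int(claims["exp"]) - int(claims["iat"])

def check_lifetime(token, server, kind):
    """Compare a token's lifetime with the documented bounds."""
    low, high = LIMITS[(server, kind)]
    lifetime = jwt_lifetime(token)
    if lifetime < low:
        return f"{lifetime}s is below the {low}s minimum"
    if lifetime > high:
        return f"{lifetime}s exceeds the {high}s maximum"
    return "ok"

if __name__ == "__main__":
    now = 1_700_000_000  # constructed issue time
    print(check_lifetime(make_sample(now, now + 3600), "org", "access"))
    print(check_lifetime(make_sample(now, now + 172800), "custom", "access"))
    print(check_lifetime(make_sample(now, now + 120), "custom", "id"))
```

A result other than "ok" for a token your resource server accepted points to a token from a different issuer than expected, so check the `iss` claim and the signature next.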
