+ Start a Discussion
Mohan Krishnan 1Mohan Krishnan 1 

What is the expiration time of an access token?? Is it possible to extend the expiry time??

Best Answer chosen by Mohan Krishnan 1
SandhyaSandhya (Salesforce Developers) 
Hi Mohan Krishnan,

Sessions expire based on your organization's policy for sessions. As long as the app is in active use, the session won't expire. Once the session is logged out, the timeout has elapsed, or it is otherwise expired (e.g. an administrator expires all sessions for the Connected App).

There's no way to know how long it will be until your session expires. It's not exactly "trial and error," it is simply a normal process. Even if you were told that your session expired in two hours, it might not last two hours if an administrator revokes the session, the session remains in use, etc.

If you use refresh tokens, your code should first try the regular API call, and if you get a 4xx result, try using the refresh token to get a new session token, and if that fails, then you've been kicked out, and the user needs to re-authenticate to continue. If you don't use refresh tokens, you can skip the middle step, obviously
 
 
 
https://developer.salesforce.com/forums/?id=906F00000009CYiIAM 
 
https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_understanding_refresh_token_oauth.htm
 
Hope this helps you!

Please mark it as Best Answer if my reply was helpful. It will make it available for other as the proper solution.
 
Thanks and Regards
Sandhya

 

All Answers

SandhyaSandhya (Salesforce Developers) 
Hi Mohan Krishnan,

Sessions expire based on your organization's policy for sessions. As long as the app is in active use, the session won't expire. Once the session is logged out, the timeout has elapsed, or it is otherwise expired (e.g. an administrator expires all sessions for the Connected App).

There's no way to know how long it will be until your session expires. It's not exactly "trial and error," it is simply a normal process. Even if you were told that your session expired in two hours, it might not last two hours if an administrator revokes the session, the session remains in use, etc.

If you use refresh tokens, your code should first try the regular API call, and if you get a 4xx result, try using the refresh token to get a new session token, and if that fails, then you've been kicked out, and the user needs to re-authenticate to continue. If you don't use refresh tokens, you can skip the middle step, obviously
 
 
 
https://developer.salesforce.com/forums/?id=906F00000009CYiIAM 
 
https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_understanding_refresh_token_oauth.htm
 
Hope this helps you!

Please mark it as Best Answer if my reply was helpful. It will make it available for other as the proper solution.
 
Thanks and Regards
Sandhya

 
This was selected as the best answer
Lokesh Gupta 39Lokesh Gupta 39
Hi Sandhya,

Thanks for the explanation.

This is about JTW token for which my understanding is it last for long and can be used in automation/background process. 

For one of the project I generated the JWT token (https://help.salesforce.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=5) by setting up the exiry to 2020. I was expecting this token will last until 2020. But apparently you have mentioned that it depends on org's session policy setting.  

There is another system which calls salesforce api with the JWT token. After generating the JWT access token it is hardcoded in that system's setting. There is no mechanism through which we can get new access token if it gets expired. 

Can you put your insight into this?

Thanks & Regards
Lokesh
Kumaresan.ManickamKumaresan.Manickam
Will refresh token ever expire? if so, what is the life time of refresh token.