oauth2.dev

exi

IETF

Registry Context

`exi` is a "Expires in". Lifetime of the token in seconds from the time the RS first sees it. Used to implement a weaker from of token expiration for devices that cannot synchronize their internal clocks. claim.

Technical Summary

Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth) Section 5.10.3 defines `exi` for JWT claim sets with the registry description: "Expires in". Lifetime of the token in seconds from the time the RS first sees it. Used to implement a weaker from of token expiration for devices that cannot synchronize their internal clocks..

When Used

Used in JWTs that follow Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth) Section 5.10.3.

Normative Requirements

Authorization servers

MUST
1
  1. 9200 - Section 5.10.3

    add a `jti` claim to a JWT access token that contains `exi`..

    Condition: When creating a JWT token using the `exi` expiration mechanism.

    the AS MUST add a cti claim (or jti for JWTs) to the access token

Validation Guidance

error

When processing `exi`, apply the syntax and semantics from Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth) Section 5.10.3.

info

Treat `exi` as profile-specific unless the JWT explicitly follows the referenced specification.

Reference

Details

Entry Id
exi
Claim Name
exi
Claim Description
"Expires in". Lifetime of the token in seconds from the time the RS first sees it. Used to implement a weaker from of token expiration for devices that cannot synchronize their internal clocks.
Change Controller
IETF
Reference
RFC9200 - Section 5.10.3