exi
Registry Context
`exi` is a "Expires in". Lifetime of the token in seconds from the time the RS first sees it. Used to implement a weaker from of token expiration for devices that cannot synchronize their internal clocks. claim.
Technical Summary
Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth) Section 5.10.3 defines `exi` for JWT claim sets with the registry description: "Expires in". Lifetime of the token in seconds from the time the RS first sees it. Used to implement a weaker from of token expiration for devices that cannot synchronize their internal clocks..
When Used
Used in JWTs that follow Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth) Section 5.10.3.
Normative Requirements
Authorization servers
9200 - Section 5.10.3
add a `jti` claim to a JWT access token that contains `exi`..
Condition: When creating a JWT token using the `exi` expiration mechanism.
the AS MUST add a cti claim (or jti for JWTs) to the access token
Validation Guidance
When processing `exi`, apply the syntax and semantics from Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth) Section 5.10.3.
Treat `exi` as profile-specific unless the JWT explicitly follows the referenced specification.
Reference
Details
- Entry Id
exi- Claim Name
exi- Claim Description
"Expires in". Lifetime of the token in seconds from the time the RS first sees it. Used to implement a weaker from of token expiration for devices that cannot synchronize their internal clocks.- Change Controller
IETF- Reference
RFC9200 - Section 5.10.3