OAuth Access Token Expiration

I have read many places that the access token session length is controlled by the client application and will expire “from time to time”, but I cannot find a way for my application to calculate the expiration date/time.

I have used other non-Salesforce systems and they pass along an expires_in value to help determine the expiration.

Salesforce does pass along an issued_at value, which doesn’t help me much.

Is there a way to determine when the access token will expire, or is it only based on trial and error?


Sessions expire based on your organization’s policy for sessions. Basically, as long as the app is in active use, the session won’t expire. Once the session is logged out, the timeout has elapsed, or it is otherwise expired (e.g. an administrator expires all sessions for the Connected App).

There’s no way to know how long it will be until your session expires. It’s not exactly “trial and error,” it is simply a normal process. Even if you were told that your session expired in two hours, it might not last two hours if an administrator revokes the session, the session remains in use, etc.

If you use refresh tokens, your code should first try the regular API call, and if you get a 4xx result, try using the refresh token to get a new session token, and if that fails, then you’ve been kicked out, and the user needs to re-authenticate to continue. If you don’t use refresh tokens, you can skip the middle step, obviously.

Source : Link , Question Author : Brad Ullery , Answer Author : sfdcfox

Leave a Comment