As per https://www.rfc-editor.org/rfc/rfc8693 it is recommended that expires_in for the returned token be asserted. We don't do this now since the returned token is a JWT. We should possibly assert it in the future? Apparently some libraries expect it.
As per https://www.rfc-editor.org/rfc/rfc8693 it is recommended that expires_in for the returned token be asserted. We don't do this now since the returned token is a JWT. We should possibly assert it in the future? Apparently some libraries expect it.