Dynamic expiration time for access tokens?


#1

With Hydra is it possible to create access tokens with a dynamically configurable expiration time?

We have a scenario where we would like to generate long-lived access tokens to act as API keys as outlined here: https://auth0.com/blog/using-json-web-tokens-as-api-keys/

We’re aware that a long lived access token is less secure, however we think it is acceptable for our scenario. This is for a school where the protected resources are not sensitive and we are trying to make it very easy for student developers to access the APIs while not leaving them completely open. While we could roll our own solution for this scenario, we also have need for more typical OAuth scenarios and would ideally prefer an integrated solution.

Thanks!


#2

Will these tokens be public knowledge (e.g. Google Maps API Keys)?