To set the expiration (lifespan) of tokens in Ory Network, you typically use the Ory CLI to adjust the configuration, as the knowledge sources do not explicitly mention setting token expiration directly through the Ory Network Console UI. The CLI allows you to configure the expiration for various token types, such as access tokens, refresh tokens, ID tokens, and authorization codes. For example, to set the access token's lifespan to two hours, you would use:

ory patch oauth2-config --project <project-id> --workspace <workspace-id> \   --replace "/ttl/access_token=\"2h\"" \   --format yaml

Similarly, you can set the refresh token's lifespan:

ory patch oauth2-config --project <project-id> --workspace <workspace-id> \   --replace "/ttl/refresh_token=\"24h\"" \   --format yaml

And for ID tokens:

ory patch oauth2-config --project <project-id> --workspace <workspace-id> \   --replace "/ttl/id_token=\"5m\"" \   --format yaml

While the Ory Console allows you to manage many aspects of your project, the knowledge sources do not provide details about setting token expiration directly via the Console UI. If you need to adjust token lifespans, use the Ory CLI as shown above [Configure token expiration time](https://www.ory.sh/docs/hydra/guides/client-token-expiration). If you are looking to set session lifespans (not OAuth2 tokens), you can do this in the Ory Console under Session Settings by entering the desired lifespan and saving the changes [Session lifespan](https://www.ory.sh/docs/kratos/session-management/session-lifespan). If you need more specific instructions for the Console UI and they are not present in the current documentation, you may need to consult the latest Ory documentation or use the CLI as described.

@chilly-king-10285 Show the cli command to get my oauth client config

To get your OAuth 2.0 client configuration using the Ory CLI, use the following command:

ory get oauth2-client <your-client-id> --project <project-id> --format json-pretty

Replace

<your-client-id>

with your OAuth2 client ID and

<project-id>

with your Ory Network project ID. You can also use other formats such as

yaml

or

json

by changing the

--format

flag as needed [ory get oauth2-client](https://www.ory.sh/docs/cli/ory-get-oauth2-client#ory-get-oauth2-client).

Yes, in Ory, refresh tokens can be used to obtain new ID tokens, provided that the original token exchange included an ID token. When a client uses a refresh token to obtain a new access token, the authorization server may also issue a new ID token. The new ID token will have an updated expiry time but will retain the same

auth_time

(the time when the user authenticated) [OAuth2 refresh token grant](https://www.ory.sh/docs/oauth2-oidc/refresh-token-grant). So, refresh tokens do work with ID tokens in Ory, as long as the initial request included the

openid

scope and an ID token was issued.