<@U04UQ68083H> how to configure session_token expi...
# ory-copilot
@chilly-king-10285 How to configure session_token expiration in the submit registration flow?
A message from kapa.ai
I'm sorry, but the knowledge sources do not contain explicit information on how to configure the expiration time (TTL) of the session_token that is returned in the response of the submit registration flow in Ory Kratos. The documentation describes how to receive a session_token after registration (when the session hook is enabled), and it shows the structure of the response, but it does not specify a configuration option for setting the session_token's expiration independently from the session itself. The session_token is tied to the Ory Session, and its validity is generally governed by the session's expiration settings, not a separate session_token TTL parameter in the registration flow configuration. If you need to control session expiration, you may need to adjust the session lifespan or related session settings, but there is no direct reference to a session_token-specific expiration configuration in the provided sources. For more details, you may want to consult the [Ory Kratos session management documentation](https://www.ory.sh/docs/kratos/session-management/overview) or open an issue with the Ory team for clarification. If you have a different aspect of session or token expiration in mind, please clarify your question!
@chilly-king-10285 How to configure the session_token lifetime in the registration flow?
A message from kapa.ai
To configure the lifetime of the session_token issued during the registration flow in Ory Kratos, you need to set the session lifespan. The session_token's validity is directly tied to the session's lifespan, as there is no separate configuration for the session_token itself. You can configure the session lifespan using the Ory Console or by editing your configuration file. For example, to set the session lifespan to 30 days (720 hours), update your config as follows:
```yaml
session:
  cookie:
    domain: $PROJECT_SLUG.projects.oryapis.com
    name: ory_session_{name}
    path: /
    persistent: false
    same_site: Lax
  lifespan: 720h
```
After updating your configuration, apply it to your Ory project. The session_token issued after registration will then be valid for the duration specified in the session lifespan setting. There is no separate TTL for the session_token; it always matches the session's expiration time [Session lifespan](https://www.ory.sh/docs/kratos/session-management/session-lifespan#session-lifespan) [Successful registration](https://www.ory.sh/docs/kratos/self-service/flows/user-registration#successful-registration). If you need to change the session lifespan, follow the steps in the documentation to update your configuration and apply it to your project.
In the recovery flow, can the session be exchanged for an access token, or is it an anonymous token? @chilly-king-10285
A message from kapa.ai
In the Ory recovery flow, when a user successfully completes account recovery, a session is issued. This session is a regular authenticated user session, not an anonymous token. The session allows the user to access their account and perform actions such as resetting their password or updating their profile information [Recovery flow behavior](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#recovery).

However, the session_token issued in the recovery flow is not directly an OAuth2 access token. If you want to obtain an OAuth2 access token (for example, to access APIs protected by Ory Hydra), you need to use the session to complete the OAuth2 login flow. The session_token can be used to authenticate the user in the OAuth2 flow, which will then issue an access token upon successful completion [OAuth2 flow after recovery](https://github.com/ory/network/issues/264).

In summary:
- The session_token after recovery is a regular authenticated session, not an anonymous token.
- To get an OAuth2 access token, you must use the session to complete the OAuth2 login flow; the session_token itself is not an access token.