[DOCS] Document default OAuth token `expires_in` behavior when omitted

Resolved 💬 3 comments Opened Oct 6, 2025 by bgaidioz Closed Jan 9, 2026

Documentation Type

Missing documentation (feature not documented)

Documentation Location

https://docs.claude.com/en/docs/claude-code/overview

Section/Topic

Settings

Current Documentation

I believe this isn't documented. Not sure where this should go, though.

What's Wrong or Missing?

Claude Code assumes a 3600s expiry time when an OAuth token is issued with expires_in omitted.

RFC 6749 Section 5.1 states that expires_in is OPTIONAL, it doesn't clearly specify what clients should do when this field is omitted and no alternative expiry information is provided.

I was assuming the absence of expires_in would lead to an infinitely lasting token.

Suggested Improvement

Request for clarification:

  1. Is the 3600-second default intentional?
  2. Could this be documented?

This would help OAuth server implementers understand expected client behavior.

Impact

Medium - Makes feature difficult to understand

Additional Context

Token with an expiry:

{
  "access_token": ".............................",
  "token_type": "Bearer",
  "expires_in": 4321,
  "scope": "openid profile email"
}

Claude's debug.txt shows it was taken into account:

[DEBUG] MCP server "identity": Returning tokens
[DEBUG] MCP server "identity": Token length: 68
[DEBUG] MCP server "identity": Has refresh token: false
[DEBUG] MCP server "identity": Expires in: 4320s

Token without an expiry:

{
  "access_token": ".............................",
  "token_type": "Bearer",
  "scope": "openid profile email"
}

debug.txt shows 3600s was assumed.

[DEBUG] MCP server "identity": Returning tokens
[DEBUG] MCP server "identity": Token length: 68
[DEBUG] MCP server "identity": Has refresh token: false
[DEBUG] MCP server "identity": Expires in: 3599s

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗