Frequently Asked Questions about OAuth

expires_in vs expires_at

Q: Why does OAuth use expires_in to communicate the access token expiration to the client?

A: The general consensus was that it's likely that an OAuth client has the wrong local time on the device, so a relative offset is more reliable. You can read the previous discussion of this in the mailing list archives.