Add dedicated token lifetime for client credentials grant

Author: sajanp

CHANGELOG.md

@@ -2,6 +2,8 @@
 
 ## [Unreleased](https://github.com/laravel/passport/compare/v13.4.4...13.x)
 
+* [13.x] Add dedicated token lifetime for client credentials grant by [@sajanp](https://github.com/sajanp) in https://github.com/laravel/passport/pull/1880
+
 ## [v13.4.4](https://github.com/laravel/passport/compare/v13.4.3...v13.4.4) - 2026-02-09
 
 * [13.x] Supports Laravel 13 by [@crynobone](https://github.com/crynobone) in https://github.com/laravel/passport/pull/1885

src/Passport.php

@@ -74,6 +74,11 @@ class Passport
      */
     public static ?DateInterval $personalAccessTokensExpireIn = null;
 
+    /**
+     * The interval when client credentials tokens expire.
+     */
+    public static ?DateInterval $clientCredentialsTokensExpireIn = null;
+
     /**
      * The name for API token cookies.
      */
@@ -324,6 +329,20 @@ public static function personalAccessTokensExpireIn(DateTimeInterface|DateInterv
             : $date;
     }
 
+    /**
+     * Get or set when client credentials grant tokens expire.
+     */
+    public static function clientCredentialsTokensExpireIn(DateTimeInterface|DateInterval|null $date = null): ?DateInterval
+    {
+        if (is_null($date)) {
+            return static::$clientCredentialsTokensExpireIn;
+        }
+
+        return static::$clientCredentialsTokensExpireIn = $date instanceof DateTimeInterface
+            ? Date::now()->diff($date)
+            : $date;
+    }
+
     /**
      * Get or set the name for API token cookies.
      */

src/PassportServiceProvider.php

@@ -158,7 +158,7 @@ function (AuthorizationServer $server): void {
                 }
 
                 $server->enableGrantType(
-                    new ClientCredentialsGrant, Passport::tokensExpireIn()
+                    new ClientCredentialsGrant, Passport::clientCredentialsTokensExpireIn() ?? Passport::tokensExpireIn()
                 );
 
                 if (Passport::$implicitGrantEnabled) {

tests/Feature/ClientCredentialsGrantTest.php

@@ -16,6 +16,8 @@ class ClientCredentialsGrantTest extends PassportTestCase
 
     protected function setUp(): void
     {
+        Passport::$clientCredentialsTokensExpireIn = null;
+
         parent::setUp();
 
         Passport::tokensCan([
@@ -114,4 +116,20 @@ public function testUnauthorizedClient()
             $json['error_description']
         );
     }
+
+    public function testCustomClientCredentialsTokenExpiration()
+    {
+        Passport::clientCredentialsTokensExpireIn(new \DateInterval('P7D'));
+
+        $client = ClientFactory::new()->asClientCredentials()->create();
+
+        $json = $this->post('/oauth/token', [
+            'grant_type' => 'client_credentials',
+            'client_id' => $client->getKey(),
+            'client_secret' => $client->plainSecret,
+        ])->assertOk()->json();
+
+        // 7 days = 604800 seconds
+        $this->assertEqualsWithDelta(604800, $json['expires_in'], 2);
+    }
 }