Expires_in is a OAuth Parameters Registry
and is RECOMMENDED
to be used to indicate the lifetime in seconds
of the Access Token
For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated.
The "expires_in" member in JSON
must be a numeric value, not a string. Unfortunately quite a few implementations have got this wrong. A likely reason is the quoted value "3600" in the RFC 6749
where "expires_in" is defined. The quotes in the text version of the RFC are only an artefact of the marked-up as a protocol value in the RFC production chain.
If omitted, the Authorization Server SHOULD provide the expiration time via other means or document the default value.
There might be more information for this subject on one of the following: