This is going to be interesting, even when you use: OAuth 2.0 Client Credentials Setup for Machine to Machine Authentication and you generate a certificate specifying the days it would only consider it valid for 1 month, it does not matter if your cert was created with a validity of 1 year.