Hotfix- authorization_code_expire_seconds docs clarified

CHANGELOG.md

@@ -16,6 +16,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+### Changed
+* #1211 documentation improve on 'AUTHORIZATION_CODE_EXPIRE_SECONDS'.
+
 ## [2.2.0] 2022-10-18
 
 ### WARNING
@@ -29,7 +32,6 @@ These issues both result in `{"error": "invalid_client"}`:
 
 2. `PKCE_REQUIRED` is now `True` by default. You should use PKCE with your client or set `PKCE_REQUIRED=False` if you are unable to fix the client.
 
-
 ### Added
 * #1208 Add 'code_challenge_method' parameter to authorization call in documentation
 * #1182 Add 'code_verifier' parameter to token requests in documentation

docs/settings.rst

@@ -29,9 +29,12 @@ List of available settings
 
 ACCESS_TOKEN_EXPIRE_SECONDS
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Default: ``36000``
+
 The number of seconds an access token remains valid. Requesting a protected
 resource after this duration will fail. Keep this value high enough so clients
-can cache the token for a reasonable amount of time. (default: 36000)
+can cache the token for a reasonable amount of time.
 
 ACCESS_TOKEN_MODEL
 ~~~~~~~~~~~~~~~~~~
@@ -69,9 +72,11 @@ this value if you wrote your own implementation (subclass of
 
 AUTHORIZATION_CODE_EXPIRE_SECONDS
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Default: ``60``
+
 The number of seconds an authorization code remains valid. Requesting an access
-token after this duration will fail. :rfc:`4.1.2` recommends a
-10 minutes (600 seconds) duration.
+token after this duration will fail. :rfc:`4.1.2` recommends expire after a short lifetime,
+with 10 minutes (600 seconds) being the maximum acceptable.
 
 CLIENT_ID_GENERATOR_CLASS
 ~~~~~~~~~~~~~~~~~~~~~~~~~