[keycloak-dev] Offline Session Max for Offline Token
乗松隆志 / NORIMATSU,TAKASHI
takashi.norimatsu.ws at hitachi.com
Thu Jun 14 02:36:21 EDT 2018
Hello,
I've found that keycloak does not support Offline Session Max related to Offline Token while supports SSO Session Max related to Refresh Token.
For authorization of REST API services, long life(not infinite, such as 60days) refresh token is required, offline access and persistency in keycloak side are also expected.
Therefore, Offline Session Max is required for offline token.
For example, consulting MS Azure, it has already supported this concept.
https://docs.microsoft.com/en-US/azure/active-directory/develop/active-directory-token-and-claims#token-revocation
I would like to try to implement this feature.
Best regards,
Takashi Norimatsu
Hitachi Ltd.,
More information about the keycloak-dev
mailing list