[keycloak-user] Access token appears to be valid even though session has expired in the background

Scott Finlay scott.finlay at sixt.com
Thu Jan 12 11:16:25 EST 2017


Hi,

We're having an issue where we receive an access token (using our refresh token)
which appears to be valid for a certain amount of time (based on the expiration
time), but the session expires in the background some time before that
because SSO Session Max has been reached.

Here's an example experiment:

SSO Session Idle = 2min
SSO Session Max  = 3min
Access Token Lifespan = 1min


0    - create session (with client credentials)
---1m00 access token expires---
1m10 - register user (refresh token)
1m40 - register user
---2m10 access token expires---
2m40 - register user (refresh token)
---3m00 session expires---
3m10 - register user DIED HERE
---3m40 access token expires---
4m00 - register user (with client credentials)

Is there any way to make the expiry time of our access tokens take the session lifetime into account?
For example, if we request a new access token 10 seconds before SSO Session Max, it should say
that the token is valid for 10 seconds, not for 60 seconds.

Regards,
Scott
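The gap described in the post (an access token whose expires_in outlives the SSO session it belongs to) can be closed on the client side by clamping the advertised lifetime to the session window the client can compute itself. The following is an added example, not code from the post or from the Keycloak project. It assumes the client knows the realm's SSO Session Idle and SSO Session Max values and records locally when its session started and when it last refreshed; the timing constants and the replayed timeline are constructed from the experiment above (idle 2 min, max 3 min, access token lifespan 1 min).

```python
"""Client-side clamp of access-token lifetime to the SSO session bounds.

Added example (not from the mailing-list post or the Keycloak project).
Assumptions: the client knows the realm's SSO Session Idle / SSO Session Max
values and records when its own session started and when it last refreshed.
All timings are constructed from the experiment in the post.
"""
from dataclasses import dataclass

SSO_SESSION_IDLE = 120       # seconds, constructed from the post (2 min)
SSO_SESSION_MAX = 180        # seconds, constructed from the post (3 min)
ACCESS_TOKEN_LIFESPAN = 60   # seconds, constructed from the post (1 min)


@dataclass
class SessionTracker:
    """Tracks the server-side session window as the client observes it."""
    session_start: float      # when the session was created (client credentials grant)
    last_refresh: float       # when the session was last touched (any token grant)
    idle: int = SSO_SESSION_IDLE
    session_max: int = SSO_SESSION_MAX

    def session_deadline(self) -> float:
        """Earliest instant at which the SSO session is gone: idle or max, whichever first."""
        return min(self.last_refresh + self.idle, self.session_start + self.session_max)

    def effective_expires_in(self, issued_at: float, expires_in: int) -> int:
        """Clamp the server's expires_in to the remaining session lifetime.

        Returns 0 when the session is already over at issuance time.
        """
        remaining = self.session_deadline() - issued_at
        return max(0, int(min(expires_in, remaining)))

    def token_usable_at(self, issued_at: float, expires_in: int, now: float) -> bool:
        """True if a token issued at `issued_at` is still usable at `now` under the clamp."""
        return now < issued_at + self.effective_expires_in(issued_at, expires_in)

    def needs_reauth(self, now: float) -> bool:
        """True when a refresh can no longer succeed and a fresh grant is required."""
        return now >= self.session_deadline()


def walk_experiment() -> dict:
    """Replays the post's timeline and reports the clamped lifetimes at each refresh."""
    t = SessionTracker(session_start=0, last_refresh=0)
    out = {}
    # 1m10: refresh-token grant; the idle window restarts here.
    t.last_refresh = 70
    out["refresh@70"] = t.effective_expires_in(70, ACCESS_TOKEN_LIFESPAN)    # 60: session end is 110 s away
    # 2m40: refresh-token grant; only 20 s of SSO Session Max remain.
    t.last_refresh = 160
    out["refresh@160"] = t.effective_expires_in(160, ACCESS_TOKEN_LIFESPAN)  # 20, not 60
    # 3m10: the raw exp says the token is alive; the clamped view says the session is over.
    out["usable@190_raw"] = 190 < 160 + ACCESS_TOKEN_LIFESPAN
    out["usable@190_clamped"] = t.token_usable_at(160, ACCESS_TOKEN_LIFESPAN, 190)
    out["reauth@190"] = t.needs_reauth(190)
    return out


if __name__ == "__main__":
    for key, value in walk_experiment().items():
        print(f"{key}: {value}")
```

The clamp only protects a client that tracks its own session start; it does not change what the server puts in the token, so a consumer that trusts exp alone would still accept the token at 3m10 even though the session behind it is gone.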