[keycloak-user] access token valid for more than expiry time by milliseconds

Rahul R 1rahulr at gmail.com
Tue Nov 14 00:10:37 EST 2017


Hi,
     We have a Keycloak setup where the Access Token Lifespan is set to 5
minutes. We get the access token using the following command:

curl -d "client_id=admin-cli" -d "username=admin_user" \
     -d "password=admin_user" -d "grant_type=password" \
     "http://192.168.56.101:8080/auth/realms/REALM/protocol/openid-connect/token"

Now if we use the following command to get the user details:

curl -H "Authorization: bearer <access token value got earlier>" \
     "http://192.168.56.101:8080/auth/realms/REALM/protocol/openid-connect/userinfo"

The expectation is that the second command works until the token expiry time,
which is 5 minutes, and that after 5 minutes the token not valid error is
seen. But while running the tests multiple times, we are seeing that
sometimes the token is valid for more than 5 minutes by almost 500
milliseconds.

Has anyone seen such behaviour? Is this a Keycloak bug or a
behaviour only seen on my machine?

Thanks
Rahul
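
An added example, not part of the original post and not Keycloak code: it models how whole-second `iat`/`exp` claims can leave a token accepted slightly past its nominal lifespan when the issue time falls mid-second. The truncating, inclusive comparison in `accepted()`, the constructed unsigned token and the constructed timestamps are assumptions for illustration.

```python
import base64
import json


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_token(issued_ms: int, lifespan_s: int) -> str:
    """Constructed, unsigned token; iat/exp are whole seconds (JWT NumericDate)."""
    iat = issued_ms // 1000  # sub-second part of the issue time is dropped
    claims = {"iat": iat, "exp": iat + lifespan_s}
    parts = [json.dumps({"alg": "none"}), json.dumps(claims)]
    return ".".join(b64url(p.encode()) for p in parts) + "."


def jwt_claims(token: str) -> dict:
    """Decode the payload segment without verifying it (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def accepted(now_ms: int, exp: int) -> bool:
    """ASSUMPTION: server truncates its clock to seconds, rejects only past exp."""
    return now_ms // 1000 <= exp


def observed_lifetime_ms(token: str, issued_ms: int) -> int:
    """Milliseconds from issuance until the assumed check first rejects the token."""
    exp = jwt_claims(token)["exp"]
    now_ms = issued_ms
    while accepted(now_ms, exp):
        now_ms += 1
    return now_ms - issued_ms


if __name__ == "__main__":
    LIFESPAN_S = 300  # Access Token Lifespan of 5 minutes, as in the post
    for frac_ms in (0, 500, 999):  # constructed issue times within one second
        issued = 1_510_000_000_000 + frac_ms
        tok = make_token(issued, LIFESPAN_S)
        # Prints the overshoot beyond the nominal lifespan, in milliseconds.
        print(frac_ms, observed_lifetime_ms(tok, issued) - LIFESPAN_S * 1000)
```

Under these assumptions the overshoot is never more than one second and depends only on where within a second the token was issued.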

