Ideally sessions like that should also be persisted, otherwise they'd get
lost during upgrades or other downtime of the server.
On Tue, 21 May 2019 at 10:41, Stian Thorgersen <sthorger(a)redhat.com> wrote:
This would be very relevant both for mobile and IoT. It would be
something
we'd be interested in having a contribution around.
A few points from me:
* Add a new session type for the realms which is longer duration. It
should still have some timeouts as otherwise it will never be cleared up.
* Configurable session type per client?
* Request longer duration session type with scope?
On Mon, 20 May 2019 at 11:32, Federico Michele Facca <
federico.facca(a)martel-innovate.com> wrote:
> Dear All,
> to better support IoT devices, we are looking to support longer expiration
> for specific tokens
> (when using a specific scope - in a similar way to offline_access scope).
> We have been looking into:
>
https://github.com/looorent/keycloak-configurable-token-api
>
> The issue is that, while using this plugin it is possible to extend the
> life of a token,
> the underlying session will anyhow expire based on the max duration of
> token lifespan,
> so if you validate the token after the session expiration, the validation
> will say that the token
> is not active.
>
> What could be a non intrusive way to support extending the life of
> specific
> sessions associated
> to such tokens? (i.e. without making changes to the core code).
>
> We thought about changing the started value in the session an put it in
> the
> future, but this is not actually possible. Only getStarted is available on
> UserSessions. An other alternative would be to set a very long token
> lifespan for the client , but the all tokens will have such long life
> (which is not what we aim for).
>
> Any feedback / idea is welcome :)
>
> Cheers,
> Federico
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>