Does it makes sense when ssoSessionIdleTimeout has bigger value than
accessTokenLifespan? To me not, as if accessToken expires then
refreshToken might be already outdated as lastSessionAccess is updated
during refreshing token.
I wonder if we should update timeouts for the realm used in examples
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/t...
? Currently accessToken timeout is 50 minutes but ssoSessionIdleTimeout
is not specified, so it has default value 10 minutes. Also
accessCodeLifespanUserAction has 100 minutes, which is quite big. wdyt?
I also think if we should change default value of ssoSessionIdleTimeout
to be something like: "accessTokenLifespan + 5 minutes" instead of 10
minutes to ensure that if people don't set it, it's bigger than
accessTokenLifespan.
Marek