We are using Keycloak in production and wanted to make a change to it to handle tokens that are about to expire.  We have a number of services that rely on the bearer token sent from our web servers for authentication.  Users will land on the web server, we verify their token is alive,  and send the bearer token to a service.  Our issue is sometimes the user has an extremely small amount of time left, the bearer token expires by the time we do the security checks on the services, and the request fails.

We are considering adding a minimum TTL in RefreshableKeycloakSecurityContext that will refresh an active token if it has less than a configurable amount of time left before it expires.  This will let us build a time window that will prevent the token from expiring when interacting with services under normal circumstances.

Would you be interested in our work on this or have any interest to do this yourselves?  I can create a Jira and a pull request if you want us to implement this feature.

Thanks,

Ben