Hi
We are working with Keycloak v3.2.0 and are using 'prompt=login' to initiate a
re-authentication for sensitive actions, and we use the auth_time claim to determine if
this should occur.
Ordinarily, each time we redirect to the auth endpoint with 'prompt=login', the
auth_time is updated to the time that the authentication occurred.
However, if we then redirect to the auth endpoint and the cookie is valid and used, any
subsequent time after this authentication that we use the auth endpoint with
'prompt=login', the auth_time claim is not updated.
Is this intended behaviour?
Thanks
Matt
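
Added example (not part of the original message and not Keycloak code): a relying-party check that refuses the sensitive action when auth_time was not updated after a 'prompt=login' request. The function names, the 30-second skew and the sample tokens are assumptions; signature, iss, aud and exp validation is assumed to be done by the OIDC client library.

```python
import base64
import json
import time

CLOCK_SKEW = 30  # tolerated clock drift in seconds (assumed value)


def jwt_claims(id_token: str) -> dict:
    """Decode the payload of a compact JWT.

    Assumes the token was already verified (signature, iss, aud, exp)."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def reauth_is_fresh(claims: dict, requested_at: int, skew: int = CLOCK_SKEW) -> bool:
    """True only if auth_time is at or after the moment the prompt=login
    request was sent. Fails closed on a missing or malformed claim."""
    auth_time = claims.get("auth_time")
    if isinstance(auth_time, bool) or not isinstance(auth_time, (int, float)):
        return False
    return auth_time + skew >= requested_at


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed input for this demo)."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


if __name__ == "__main__":
    now = int(time.time())
    requested_at = now - 5  # stored in the session when redirecting with prompt=login
    samples = {
        "auth_time not updated": constructed_token({"sub": "u1", "auth_time": now - 3600}),
        "auth_time updated": constructed_token({"sub": "u1", "auth_time": now}),
    }
    for label, token in samples.items():
        allowed = reauth_is_fresh(jwt_claims(token), requested_at)
        print(f"{label}: {'allow' if allowed else 'deny'} sensitive action")
```
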