There is an idle timeout and a max session lifespan and an access token
timeout. I don't think we check the max session lifespan when
generating a token, so an access token might be active for access token
timeout + max session lifespan.
On 11/29/16 6:36 PM, Chris Stephens wrote:
We have an angular app and are using the keycloak js adapter. We
refresh the token if it expires within 5 seconds. We also refresh the token every 15
minutes. Our users can jump in and out of our angular app. When they come back in the
initialization logic goes to the key cloak server to make sure they are logged in. What
our QA team is telling us is after 2-3 hours of clicking on the site the user is no longer
logged in, but some of the calls with bearer tokens still go through. We need to know if
refreshing the token or doing the 'check-sso' extends the session.
Christopher Stephens
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user