I'm using KeyCloak in Version 3.0.0.Final and having trouble with an Angular 2 application which runs regularly into the problem that the refresh token is expired. I've tried to increase the token timeouts but it seems the refresh token still expires too quick. My configuration is as follows: - SSO Session Idle: 2 days - SSO Session Max: 10 hours - Offline Session Idle: 30 days - Access Token Lifespan: 5 minutes - Access Token Lifespan For Implicit Flow: 15 minutes - Client login timeout: 1 minute - Login timeout: 30 minutes - Login action timeout: 5 minutes Please note, the refresh often works but after some idle time it is pretty common that the refresh token is expired. I'm using the implementation of the official angular 2 example in the KeyCloak github repository. I'm also using the same realm with a Spring Boot Bearer Client but I guess that this does not affect token of the Angular client, right? I've thought that increasing the SSO Session Idle would solve the problem but it is not. How can I extend the expiry time?