Sorry for the double mail, I’m new to mailing lists. 😊 I also noticed that when my *refresh* token expired, I get a new access token for 5 min, and there are no further logs during the access token lifetime as expected : 1.5687957954167793e+09 info accces token for user has expired, attemping to refresh the token {"client_ip": "127.0.0.1:40522", "email": &quot;julien.goux(a)live.fr&quot;} 1.56879579542948e+09 error failed to refresh the access token {"error": "invalid_grant: Refresh token expired"} 1.5687957958162918e+09 info issuing access token for user {"email": " julien.goux(a)live.fr ", "expires": "2019-09-18T08:41:35Z", "duration": "4m59.183711073s"} But the logs are back once the *access* token expired after 5 min. (like in my previous mail) De : Julien Goux <julien.goux(a)live.fr&gt; Envoyé : mercredi 18 septembre 2019 10:16 À : keycloak-user(a)lists.jboss.org Objet : gatekeeper - refresh access token on every access Hello, I’m using gatekeeper behind a nginx server. Gatekeeper’s logs are pretty obvious until my first access token expired (5 min lifetime). After this period, it seems that gatekeeper is refreshing the token on every access. Here are the logs for *3 * accesses after the first access token has expired, I have the same log for every further access : 1.5687944022004497e+09 info accces token for user has expired, attemping to refresh the token {"client_ip": "127.0.0.1:40312", "email": "julien.goux@live.fr<mailto:julien.goux@live.fr>"} 1.5687944022271063e+09 info injecting the refreshed access token cookie {"client_ip": "127.0.0.1:40312", "cookie_name": "kc-access", "email": " julien.goux@live.fr<mailto:julien.goux@live.fr> ", "refresh_expires_in": 1800, "expires_in": 299.772897193} 1.5687944027145464e+09 info accces token for user has expired, attemping to refresh the token {"client_ip": "127.0.0.1:40318", "email": " julien.goux@live.fr<mailto:julien.goux@live.fr> "} 1.5687944027320542e+09 info injecting the refreshed access token cookie {"client_ip": "127.0.0.1:40318", "cookie_name": "kc-access", "email": " julien.goux@live.fr<mailto:julien.goux@live.fr> ", "refresh_expires_in": 1800, "expires_in": 299.26794899} 1.568794442552826e+09 info accces token for user has expired, attemping to refresh the token {"client_ip": "127.0.0.1:40328", "email": " julien.goux@live.fr<mailto:julien.goux@live.fr> "} 1.568794442570195e+09 info injecting the refreshed access token cookie {"client_ip": "127.0.0.1:40328", "cookie_name": "kc-access", "email": " julien.goux@live.fr<mailto:julien.goux@live.fr> ", "refresh_expires_in": 1800, "expires_in": 299.429808309} Why does gatekeeper keeps refreshing the access token on every access instead of deliverying a new one for 5 min ? Thanks for your help.