[keycloak-dev] Adding a minimum TTL for token refreshes

Benjamin Loy bloy at smartling.com
Wed Oct 28 14:51:48 EDT 2015


Hello all,

We are using Keycloak in production and wanted to make a change to it to
handle tokens that are about to expire.  We have a number of services that
rely on the bearer token sent from our web servers for authentication.
Users will land on the web server, we verify their token is alive, and
send the bearer token to a service.  Our issue is sometimes the user has an
extremely small amount of time left, the bearer token expires by the time
we do the security checks on the services, and the request fails.

We are considering adding a minimum TTL
in RefreshableKeycloakSecurityContext that will refresh an active token if
it has less than a configurable amount of time left before it expires.
This will let us build a time window that will prevent the token from
expiring when interacting with services under normal circumstances.

Would you be interested in our work on this or have any interest to do this
yourselves?  I can create a Jira and a pull request if you want us to
implement this feature.

Thanks,

Ben


-- 

Benjamin Loy

Senior Software Engineer

bloy at smartling.com | o: (866) 707 6278
smartling.com <http://www.smartling.com/> | linkedIn | @smartling
<https://twitter.com/smartling>
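
The minimum-TTL check proposed in the message above, as an added example that is not part of the original post and is not Keycloak adapter code. The class MinTtlTokenHolder, the Token record and the refresher supplier are hypothetical names; the refresher is assumed to exchange the refresh token for a new access token.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.util.function.Supplier;

// Hypothetical sketch of the proposed minimum-TTL check; not Keycloak adapter code.
public class MinTtlTokenHolder {
    // Constructed token model: only the value and its expiry ("exp") matter here.
    record Token(String value, Instant expiresAt) {}

    private final Clock clock;
    private final Duration minTtl;            // configurable minimum time left
    private final Supplier<Token> refresher;  // assumed: refresh token -> new access token
    private Token current;

    MinTtlTokenHolder(Clock clock, Duration minTtl, Supplier<Token> refresher, Token initial) {
        this.clock = clock;
        this.minTtl = minTtl;
        this.refresher = refresher;
        this.current = initial;
    }

    // True when the token is expired or has less than minTtl left.
    private boolean belowMinTtl(Token t) {
        return Duration.between(clock.instant(), t.expiresAt()).compareTo(minTtl) < 0;
    }

    // Call before forwarding the bearer token to a downstream service.
    synchronized Token tokenForDownstreamCall() {
        if (belowMinTtl(current)) {
            Token fresh = refresher.get();
            // A fresh token already under the window means minTtl is not shorter
            // than the access token lifespan, so every request would refresh.
            if (belowMinTtl(fresh)) {
                throw new IllegalStateException("minTtl must be shorter than the token lifespan");
            }
            current = fresh;
        }
        return current;
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2015-10-28T18:51:48Z"); // constructed fixed clock
        Token nearlyExpired = new Token("old-token", now.plusSeconds(5));
        MinTtlTokenHolder holder = new MinTtlTokenHolder(
                Clock.fixed(now, ZoneOffset.UTC), Duration.ofSeconds(30),
                () -> new Token("new-token", now.plusSeconds(300)), nearlyExpired);
        System.out.println(holder.tokenForDownstreamCall().value());
    }
}
```

The window only helps if it is longer than the slowest downstream security check and shorter than the access token lifespan configured on the server.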