[keycloak-dev] Adding a minimum TTL for token refreshes

Marek Posolda mposolda at redhat.com
Thu Oct 29 04:11:08 EDT 2015


+1 for this. I might have already created JIRA some months ago, but not 
sure. If you don't found, create your own JIRA.

Our javascript adapter keycloak.js already has support for this (method 
"update" in keycloak.js), but java adapters don't have it.

Looks we may need to add the new option on adapter config ( keycloak.js 
) for this. Not sure what should be it's default value, 5 seconds?

Marek


On 28/10/15 19:51, Benjamin Loy wrote:
> Hello all,
>
> We are using Keycloak in production and wanted to make a change to it 
> to handle tokens that are about to expire.  We have a number of 
> services that rely on the bearer token sent from our web servers for 
> authentication.  Users will land on the web server, we verify their 
> token is alive,  and send the bearer token to a service.  Our issue is 
> sometimes the user has an extremely small amount of time left, the 
> bearer token expires by the time we do the security checks on the 
> services, and the request fails.
>
> We are considering adding a minimum TTL 
> in RefreshableKeycloakSecurityContext that will refresh an active 
> token if it has less than a configurable amount of time left before it 
> expires.  This will let us build a time window that will prevent the 
> token from expiring when interacting with services under normal 
> circumstances.
>
> Would you be interested in our work on this or have any interest to do 
> this yourselves?  I can create a Jira and a pull request if you want 
> us to implement this feature.
>
> Thanks,
>
> Ben
>
>
> -- 
>
>     Benjamin Loy
>
>     Senior Software Engineer
>
>     bloy at smartling.com <mailto:bloy at smartling.com>| o: (866) 707 6278
>
>     smartling.com <http://www.smartling.com/>| linkedIn| @smartling
>     <https://twitter.com/smartling>
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151029/83cf1949/attachment.html 


More information about the keycloak-dev mailing list