[keycloak-dev] Adding a minimum TTL for token refreshes
Marek Posolda
mposolda at redhat.com
Thu Oct 29 04:13:45 EDT 2015
On 29/10/15 09:11, Marek Posolda wrote:
> +1 for this. I might have already created JIRA some months ago, but
> not sure. If you don't found, create your own JIRA.
>
> Our javascript adapter keycloak.js already has support for this
> (method "update" in keycloak.js), but java adapters don't have it.
>
> Looks we may need to add the new option on adapter config (
> keycloak.js ) for this. Not sure what should be it's default value, 5
> seconds?
Sorry, i meant keycloak.json in the last sentence about adapter config.
Marek
>
> Marek
>
>
> On 28/10/15 19:51, Benjamin Loy wrote:
>> Hello all,
>>
>> We are using Keycloak in production and wanted to make a change to it
>> to handle tokens that are about to expire. We have a number of
>> services that rely on the bearer token sent from our web servers for
>> authentication. Users will land on the web server, we verify their
>> token is alive, and send the bearer token to a service. Our issue
>> is sometimes the user has an extremely small amount of time left, the
>> bearer token expires by the time we do the security checks on the
>> services, and the request fails.
>>
>> We are considering adding a minimum TTL
>> in RefreshableKeycloakSecurityContext that will refresh an active
>> token if it has less than a configurable amount of time left before
>> it expires. This will let us build a time window that will prevent
>> the token from expiring when interacting with services under normal
>> circumstances.
>>
>> Would you be interested in our work on this or have any interest to
>> do this yourselves? I can create a Jira and a pull request if you
>> want us to implement this feature.
>>
>> Thanks,
>>
>> Ben
>>
>>
>> --
>>
>> Benjamin Loy
>>
>> Senior Software Engineer
>>
>> bloy at smartling.com <mailto:bloy at smartling.com>| o: (866) 707 6278
>>
>> smartling.com <http://www.smartling.com/>| linkedIn| @smartling
>> <https://twitter.com/smartling>
>>
>>
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151029/39a24210/attachment.html
More information about the keycloak-dev
mailing list