[keycloak-dev] Adding a minimum TTL for token refreshes

Stian Thorgersen sthorger at redhat.com
Thu Oct 29 16:43:08 EDT 2015


+1 This is absolutely needed

On 29 October 2015 at 01:13, Marek Posolda <mposolda at redhat.com> wrote:

> On 29/10/15 09:11, Marek Posolda wrote:
>
> +1 for this. I might have already created a JIRA some months ago, but not
> sure. If you don't find it, create your own JIRA.
>
> Our javascript adapter keycloak.js already has support for this (method
> "update" in keycloak.js), but java adapters don't have it.
>
> Looks like we may need to add the new option on adapter config ( keycloak.js )
> for this. Not sure what its default value should be, 5 seconds?
>
> Sorry, I meant keycloak.json in the last sentence about adapter config.
>
> Marek
>
>
> Marek
>
>
> On 28/10/15 19:51, Benjamin Loy wrote:
>
> Hello all,
>
> We are using Keycloak in production and wanted to make a change to it to
> handle tokens that are about to expire.  We have a number of services that
> rely on the bearer token sent from our web servers for authentication.
> Users will land on the web server, we verify their token is alive, and
> send the bearer token to a service.  Our issue is sometimes the user has an
> extremely small amount of time left, the bearer token expires by the time
> we do the security checks on the services, and the request fails.
>
> We are considering adding a minimum TTL
> in RefreshableKeycloakSecurityContext that will refresh an active token if
> it has less than a configurable amount of time left before it expires.
> This will let us build a time window that will prevent the token from
> expiring when interacting with services under normal circumstances.
>
> Would you be interested in our work on this or have any interest to do
> this yourselves?  I can create a Jira and a pull request if you want us to
> implement this feature.
>
> Thanks,
>
> Ben
>
>
> --
>
> Benjamin Loy
>
> Senior Software Engineer
>
> bloy at smartling.com | o: (866) 707 6278
> smartling.com <http://www.smartling.com/> | linkedIn | @smartling
> <https://twitter.com/smartling>
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
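
The minimum-TTL check proposed in this thread, sketched as an added example; it is not part of the original messages and is not Keycloak adapter code. All function names, the `ctx` object and the sample token are hypothetical and constructed for illustration.

```javascript
// Added example: refresh an access token that is still alive but has less
// than minTtlSeconds left, before it is forwarded to a downstream service.

// Read the "exp" claim (seconds since epoch) from a compact JWT.
// No signature check here: the value only schedules a refresh and must
// never be used as an authorization decision.
function tokenExpiry(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  if (typeof claims.exp !== "number") throw new Error("token has no exp claim");
  return claims.exp;
}

// Classify a token: "expired", "refresh" (alive but under the minimum TTL) or "ok".
function tokenState(jwt, minTtlSeconds, nowSeconds) {
  const remaining = tokenExpiry(jwt) - nowSeconds;
  if (remaining <= 0) return "expired";
  return remaining < minTtlSeconds ? "refresh" : "ok";
}

// Return an access token valid for at least minTtlSeconds.
// refreshFn is the caller's own function that exchanges the refresh token.
async function ensureMinTtl(ctx, minTtlSeconds, refreshFn, nowSeconds) {
  const now = nowSeconds ?? Math.floor(Date.now() / 1000);
  if (tokenState(ctx.accessToken, minTtlSeconds, now) !== "ok") {
    ctx.accessToken = await refreshFn(ctx.refreshToken);
    // If a fresh token is already under the minimum TTL, the window is longer
    // than the token lifespan and every request would trigger a refresh.
    if (tokenState(ctx.accessToken, minTtlSeconds, now) !== "ok") {
      throw new Error("refreshed token lifetime is below the minimum TTL");
    }
  }
  return ctx.accessToken;
}

// Constructed sample token with a placeholder signature, for local runs only.
function makeSampleToken(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "none" })}.${enc({ sub: "demo", exp })}.sig`;
}
```

The receiving service still validates signature and expiry on its own; the window only has to cover the time between the web server's check and that validation.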