[keycloak-dev] Offline Session Max for Offline Token
Marek Posolda
mposolda at redhat.com
Mon Jun 18 07:28:31 EDT 2018
Hi,
it makes sense to me to have support for this. However IMO default value
should be still "infinity" like it is now.
I am not sure what is the best way to handle this in admin console
considering usability? Considering that timeouts in admin console (Tab
"Tokens" of "Realm Settings") doesn't yet support infinity. And other
timeouts besides "Offline Session Max" still should be kept to not
support infinity IMO.
Maybe one way is to have On/Off switch like "Offline Session Max
Limited" . It is off by default and when it is switched to ON, it will
show another field "Offline Session Max" with the timeout? Which can be
60 days by default maybe? At the model level, there would be still
single int value IMO (EG. When the value is -1, it means infinity, which
means that "Offline Session Max Limited" switch will be OFF in admin
console and "Offline Session Max" hidden. When it is positive value, the
"Offline Session Max Limited" switch will be ON and the actual value of
timeout "Offline Session Max" will be shown). Could this work?
Marek
On 14/06/18 08:36, 乗松隆志 / NORIMATSU,TAKASHI wrote:
> Hello,
>
> I've found that keycloak does not support Offline Session Max related to Offline Token while supports SSO Session Max related to Refresh Token.
>
> For authorization of REST API services, long life(not infinite, such as 60days) refresh token is required, offline access and persistency in keycloak side are also expected.
> Therefore, Offline Session Max is required for offline token.
>
> For example, consulting MS Azure, it has already supported this concept.
> https://docs.microsoft.com/en-US/azure/active-directory/develop/active-directory-token-and-claims#token-revocation
>
> I would like to try to implement this feature.
> Best regards,
> Takashi Norimatsu
> Hitachi Ltd.,
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list