[keycloak-dev] configure longer access tokens / permanent access tokens
Federico Michele Facca
federico.facca at martel-innovate.com
Mon May 20 05:30:55 EDT 2019
Dear All,
to better support IoT devices, we are looking to support longer expiration for specific tokens (when using a specific scope - in a similar way to offline_access scope).
We have been looking into:
https://github.com/looorent/keycloak-configurable-token-api
The issue is that, while using this plugin it is possible to extend the life of a token, the underlying session will anyhow expire based on the max duration of token lifespan, so if you validate the token after the session expiration, the validation will say that the token is not active.
What could be a non-intrusive way to support extending the life of specific sessions associated to such tokens? (i.e. without making changes to the core code).
We thought about changing the started value in the session and putting it in the future, but this is not actually possible. Only getStarted is available on UserSessions. Another alternative would be to set a very long token lifespan for the client, but then all tokens will have such long life (which is not what we aim for).
Any feedback / idea is welcome :)
Cheers,
Federico
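The lifetime mismatch described in the message above, as an added example that is not part of the original post and is not Keycloak or plugin code: a simplified Python model in which a token's signed exp outlives its session. The signing key, the session store layout and the use of a session_state claim to link token and session are assumptions of the model.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed signing key, not a real realm key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict) -> str:
    """Sign a compact HS256 JWT carrying the given claims."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify_offline(token: str, now: int):
    """Signature and exp only: what a resource server can check on its own."""
    try:
        head, body, sig = token.split(".")
        good = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    return claims if now < claims.get("exp", 0) else None

def introspect(token: str, sessions: dict, now: int) -> bool:
    """Session-aware check: the token must also belong to a live session."""
    claims = verify_offline(token, now)
    if claims is None:
        return False
    # Assumption: the token names its session in a session_state claim.
    session = sessions.get(claims.get("session_state"))
    return session is not None and now < session["started"] + session["max_lifespan"]

# Constructed scenario: session capped at 10 h, token exp stretched to 30 days.
SESSIONS = {"sess-1": {"started": 1_000_000, "max_lifespan": 36_000}}
TOKEN = issue({"sub": "iot-device-7", "session_state": "sess-1",
               "exp": 1_000_000 + 30 * 86_400})

def status_at(now: int):
    """Return (offline_ok, introspection_active) for the demo token."""
    return verify_offline(TOKEN, now) is not None, introspect(TOKEN, SESSIONS, now)
```

Between the session cap and exp, status_at returns a token that still passes signature-and-exp validation but is reported inactive by the session-aware check, so resource servers that validate offline and those that introspect will disagree about the same token.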