[keycloak-dev] configure longer access tokens / permanent access tokens

Stian Thorgersen sthorger at redhat.com
Tue May 21 04:41:59 EDT 2019


This would be very relevant both for mobile and IoT. It would be something
we'd be interested in having a contribution around.

A few points from me:

* Add a new session type for the realms which is longer duration. It should
still have some timeouts as otherwise it will never be cleared up.
* Configurable session type per client?
* Request longer duration session type with scope?


On Mon, 20 May 2019 at 11:32, Federico Michele Facca <
federico.facca at martel-innovate.com> wrote:

> Dear All,
> to better support IoT devices, we are looking to support longer expiration
> for specific tokens
> (when using a specific scope - in a similar way to offline_access scope).
> We have been looking into:
> https://github.com/looorent/keycloak-configurable-token-api
>
> The issue is that, while using this plugin it is possible to extend the
> life of a token,
> the underlying session will anyhow expire based on the max duration of
> token lifespan,
> so if you validate the token after the session expiration, the validation
> will say that the token
> is not active.
>
> What could be a non-intrusive way to support extending the life of specific
> sessions associated
> to such tokens? (i.e. without making changes to the core code).
>
> We thought about changing the started value in the session and put it in the
> future, but this is not actually possible. Only getStarted is available on
> UserSessions. Another alternative would be to set a very long token
> lifespan for the client, but then all tokens will have such a long life
> (which is not what we aim for).
>
> Any feedback / idea is welcome :)
>
> Cheers,
> Federico
>
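
The following is an added example, not part of either message and not Keycloak or plugin code. It is a simplified model of the behaviour discussed in this thread: a token is only reported active while its session is alive, and a longer-duration session type selected by scope and allowed per client still carries its own timeouts. The scope name `long_session`, the client ids and all durations are constructed assumptions.

```python
from dataclasses import dataclass

DAY = 86400  # seconds


@dataclass(frozen=True)
class SessionType:
    idle_timeout: int  # seconds without a refresh before the session lapses
    max_lifespan: int  # hard cap from session start, so it is eventually cleared


# Hypothetical realm configuration: the normal type plus a longer-duration type.
REALM_SESSION_TYPES = {
    "default": SessionType(idle_timeout=1800, max_lifespan=36000),
    "long": SessionType(idle_timeout=30 * DAY, max_lifespan=365 * DAY),
}
LONG_SCOPE = "long_session"             # hypothetical scope name
CLIENTS_ALLOWED_LONG = {"iot-gateway"}  # hypothetical per-client opt-in


@dataclass
class Session:
    client_id: str
    started: int
    last_refresh: int
    type_name: str


def start_session(client_id: str, scopes: str, now: int) -> Session:
    """Pick the session type from the requested scope, gated per client."""
    wants_long = LONG_SCOPE in scopes.split()
    allowed = client_id in CLIENTS_ALLOWED_LONG
    type_name = "long" if wants_long and allowed else "default"
    return Session(client_id, now, now, type_name)


def session_expiry(session: Session) -> int:
    """Earliest of the idle deadline and the max-lifespan deadline."""
    limits = REALM_SESSION_TYPES[session.type_name]
    return min(session.started + limits.max_lifespan,
               session.last_refresh + limits.idle_timeout)


def token_active(token_exp: int, session: Session, now: int) -> bool:
    """Active only while the token's own exp AND its session both hold."""
    return now < token_exp and now < session_expiry(session)
```

In this model, stretching only the token's `exp` leaves it bounded by the default session, which is the "token is not active" result described in the quoted message.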

