[keycloak-user] Refresh token - should it expire?

Juraci Paixão Kröhling juraci at kroehling.de
Tue Jun 23 11:12:14 EDT 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 06/23/2015 04:50 PM, Stian Thorgersen wrote:
> In the mean time you can set a high level for the sso expiration.

That would work for now, but note that if an user logs out or if the
session expires for some reason, the token is automatically deemed as
expired as well (invalid_grant, actually). So, it's not about the
token expiration itself, but about the session expiration:

http://git.io/vLAtF

> When do you need to have a proper offline token?

Tough question :-) I'd say that we'd absolutely need this by
September/October, but of course, the sooner the better as it touches
an important part of the system.

- - Juca.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJViXdOAAoJEDnJtskdmzLMNgEH/jfdVPJQyljkIbbxUlcxo3H3
9RBqzPtpb8142Ts6eJR1lwPg82KEjtycVjGuwggkJINPolhtgVploZPH9bKe7kiN
7GFAEPhT9FPSKUv09oIR1zz0hl9vu9G/Qv35UmWue1JCzTPtRlUYx9cYBS/Ze4Ps
+Y/tXgVbLwrx/y2xOVpAEH2giPuGP9VYYWNMCF3vnzISnLjhaEwEK91vHrfwWKEY
0+KAq7NDO40049FeFAMwsZ1AzlX+CoK54NdR1q7YQ8kAH88bweA8J/NnM6dySaTN
Omf6EsxJMWLMXA4Yya5r8ls+K0ZeyJrQqEw01qrTtpu8q1wp1rfrIk8zjknNZ1I=
=G+Um
-----END PGP SIGNATURE-----


More information about the keycloak-user mailing list