[keycloak-user] Refresh token - should it expire?

Stian Thorgersen stian at redhat.com
Tue Jun 23 11:14:27 EDT 2015



----- Original Message -----
> From: "Juraci Paixão Kröhling" <juraci at kroehling.de>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Tuesday, 23 June, 2015 5:12:14 PM
> Subject: Re: [keycloak-user] Refresh token - should it expire?
> 
> On 06/23/2015 04:50 PM, Stian Thorgersen wrote:
> > In the meantime you can set a high level for the sso expiration.
> 
> That would work for now, but note that if a user logs out or if the
> session expires for some reason, the token is automatically deemed as
> expired as well (invalid_grant, actually). So, it's not about the
> token expiration itself, but about the session expiration:
> 
> http://git.io/vLAtF

Indeed that's the intent. All non-offline tokens are linked to the current user's session.

> 
> > When do you need to have a proper offline token?
> 
> Tough question :-) I'd say that we'd absolutely need this by
> September/October, but of course, the sooner the better as it touches
> an important part of the system.

We'll try to get it in for 1.5 - which should be end of August.

> 
> - Juca.
> 
> 
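
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Keycloak's code: a simplified model of a token endpoint where a refresh token is only honoured while the user session it was issued under is still active. The class and function names and the timeout values are assumptions made for illustration.

```python
import secrets


class InvalidGrant(Exception):
    """Stands for the OAuth 2.0 token-endpoint error code `invalid_grant`."""


class TokenServer:
    """Toy model: every refresh token is bound to the session that issued it."""

    def __init__(self, sso_idle, refresh_lifespan):
        self.sso_idle = sso_idle                  # session idle timeout (seconds)
        self.refresh_lifespan = refresh_lifespan  # the token's own lifetime (seconds)
        self.sessions = {}                        # session id -> last activity time
        self.refresh_tokens = {}                  # token -> (session id, expiry time)

    def _issue(self, sid, now):
        token = secrets.token_urlsafe(16)
        self.refresh_tokens[token] = (sid, now + self.refresh_lifespan)
        return token

    def login(self, now):
        sid = secrets.token_hex(8)
        self.sessions[sid] = now
        return sid, self._issue(sid, now)

    def logout(self, sid):
        self.sessions.pop(sid, None)

    def refresh(self, token, now):
        sid, expires = self.refresh_tokens.get(token, (None, 0))
        if sid is None or now >= expires:
            raise InvalidGrant("refresh token unknown or expired")
        last_seen = self.sessions.get(sid)
        # The session check is separate from the token's own expiry.
        if last_seen is None or now - last_seen > self.sso_idle:
            raise InvalidGrant("session not active")
        self.sessions[sid] = now                  # a refresh counts as activity
        return self._issue(sid, now)


def try_refresh(server, token, now):
    """Return 'ok' or the error a client would see from the token endpoint."""
    try:
        server.refresh(token, now)
        return "ok"
    except InvalidGrant as exc:
        return f"invalid_grant: {exc}"
```

Raising `sso_idle` keeps a long-lived refresh token usable between visits, but `logout()` still invalidates it, which is the gap an offline token is meant to fill.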


