[keycloak-user] Session timeouts for SPA + bearer backend

[Stian Thorgersen]

Sounds like your access token is expired. You need to refresh it. See the
docs for the JavaScript adapter and examples, specifically updateToken
function.

On 28 November 2016 at 10:33, Andy Yar <andyyar66 at gmail.com> wrote:

> Hello,
> I'm having a problem with my SPA Anuglar based application.
>
> TD;DR
>
> The app's session seems to be valid (cookies) although requests to backend
> fail since its token has expired - openid-connect/token = HTTP 400
> (Refreshing token: token expired).
>
> =========================
>
> The app itself is protected with keycloak.js (Access Type: public +
> Standard Flow: ON + login_required) and the backend is built with Spring
> Security adapter (Access Type: bearer-only).
>
> Everything works fine until I leave the app idle for some time and then
> resume using it (requesting from backend). When I do so, the backend starts
> to respond with an eror as its session had timed out - openid-connect/token
> returns 400. Although, obviously, the session for the app itself hadn't
> expired yet.
>
> As far as I know, there is for instance a KEYCLOAK_SESSION cookie which is
> checked periodically by keycloak.js. When I remove the cookie manually, it
> gets checked and the app gets redirected to its login screen.
>
> KC version used is 2.2.1.Final. My realm token settings:
> * Revoke Refresh Token: OFF
> * SSO Session Idle: 30mins
> * SSO Session Max: 6days
> * Offline Session Idle: 30days
> * Access Token Lifespan: 15mins
> * ditto for Implicit Flow: 18mins
>
> How should I set my app/token settings up to solve this? Should I just
> force my client to relog as soon as Refreshing token: token expired? Don't
> know what is the proper way to handle this...
>
> Thanks in advance.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>