[keycloak-user] Session timeouts for SPA + bearer backend
Andy Yar
andyyar66 at gmail.com
Mon Nov 28 04:33:04 EST 2016
Hello,
I'm having a problem with my Angular-based SPA.
TL;DR
The app's session seems to be valid (cookies), although requests to the backend
fail since its token has expired - openid-connect/token = HTTP 400
(Refreshing token: token expired).
=========================
The app itself is protected with keycloak.js (Access Type: public +
Standard Flow: ON + login-required) and the backend is built with the Spring
Security adapter (Access Type: bearer-only).
Everything works fine until I leave the app idle for some time and then
resume using it (requesting from the backend). When I do so, the backend starts
to respond with an error as its session had timed out - openid-connect/token
returns 400. Although, obviously, the session for the app itself hadn't
expired yet.
As far as I know, there is for instance a KEYCLOAK_SESSION cookie which is
checked periodically by keycloak.js. When I remove the cookie manually, it
gets checked and the app gets redirected to its login screen.
KC version used is 2.2.1.Final. My realm token settings:
* Revoke Refresh Token: OFF
* SSO Session Idle: 30mins
* SSO Session Max: 6days
* Offline Session Idle: 30days
* Access Token Lifespan: 15mins
* ditto for Implicit Flow: 18mins
How should I set my app/token settings up to solve this? Should I just
force my client to re-login as soon as I get "Refreshing token: token expired"?
I don't know what the proper way to handle this is...
Thanks in advance.
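The handling the poster asks about, as an added example (not code from the original post or from Keycloak itself): a fetch wrapper for the SPA that asks the adapter to refresh the access token before every backend call and sends the browser to login() as soon as the refresh is rejected. The refresh token's lifetime is capped by SSO Session Idle, so after 30 idle minutes the /token endpoint answers 400 even though the KEYCLOAK_SESSION cookie is still in the browser; the adapter's session-status iframe only compares that cookie with the session state it was handed and does not ask the server whether the session idled out, which is why it reacts when the cookie is removed but not when the idle timeout passes. The adapter below is a constructed stand-in that models just the two timers from the realm settings; the native-Promise shape of updateToken() is an assumption (keycloak-js 2.x used its own success/error callbacks), and createAuthFetch, fakeKeycloak and simulateIdle are names chosen for this example.

```javascript
// Added example, not code from the original post or from Keycloak.
// Realm settings from the post, in seconds (constructed simulation input).
const ACCESS_TOKEN_LIFESPAN = 15 * 60; // Access Token Lifespan: 15 min
const SSO_SESSION_IDLE = 30 * 60;      // SSO Session Idle: 30 min

// Wrap fetch around a keycloak-js style adapter.
// Assumption: updateToken(minValidity) returns a native Promise that resolves
// when the token is usable (refreshed or still valid) and rejects when the
// refresh request to /token fails; login() redirects to the login page.
function createAuthFetch(keycloak, { minValidity = 30, fetchImpl = globalThis.fetch } = {}) {
  return async function authFetch(url, init = {}) {
    try {
      await keycloak.updateToken(minValidity);
    } catch (err) {
      // The refresh token was rejected: the SSO session idled out server-side
      // even though the browser still holds the session cookie. Only a new
      // login helps, so redirect instead of sending a request that will 401.
      keycloak.login();
      throw new Error('Keycloak session expired, redirecting to login');
    }
    const headers = { ...(init.headers || {}), Authorization: `Bearer ${keycloak.token}` };
    return fetchImpl(url, { ...init, headers });
  };
}

// Constructed stand-in for adapter + realm so the wrapper runs offline.
// It models only the access-token lifespan and the SSO idle timeout.
function fakeKeycloak(clock) {
  let issuedAt = clock.now();    // when the current access token was minted
  let lastRefresh = clock.now(); // last time the SSO session was touched
  let counter = 0;
  const kc = {
    token: 'access-token-0',
    loginCalled: false,
    login() { kc.loginCalled = true; },
    updateToken(minValidity) {
      const now = clock.now();
      const remaining = issuedAt + ACCESS_TOKEN_LIFESPAN - now;
      if (remaining > minValidity) return Promise.resolve(false); // still good
      if (now - lastRefresh > SSO_SESSION_IDLE) {
        // What the realm answers on /token once the session idled out.
        return Promise.reject(new Error('HTTP 400 invalid_grant: Refreshing token: token expired'));
      }
      counter += 1;
      issuedAt = now;
      lastRefresh = now;
      kc.token = `access-token-${counter}`;
      return Promise.resolve(true);
    },
  };
  return kc;
}

// One scenario: the app idles for idleSeconds, then makes one backend request.
// Returns what happened so the behaviour can be checked rather than eyeballed.
async function simulateIdle(idleSeconds) {
  let t = 0;
  const clock = { now: () => t };
  const kc = fakeKeycloak(clock);
  const sent = []; // Authorization headers that actually reached the backend
  const authFetch = createAuthFetch(kc, {
    minValidity: 30,
    fetchImpl: async (url, init) => { sent.push(init.headers.Authorization); return { status: 200 }; },
  });
  t = idleSeconds;
  let outcome;
  try {
    await authFetch('/api/resource');
    outcome = 'sent';
  } catch (e) {
    outcome = 'login';
  }
  return { outcome, loginCalled: kc.loginCalled, token: kc.token, sent };
}

// Usage: 10 min idle -> original token reused; 20 min -> silent refresh;
// 40 min -> refresh rejected, user sent back to login.
Promise.all([simulateIdle(10 * 60), simulateIdle(20 * 60), simulateIdle(40 * 60)])
  .then((results) => console.log(results));
```

With this in place the app never keeps hitting the bearer-only backend with a dead token; the first request after a long idle period triggers the redirect. Wiring the same login() call into the adapter's onTokenExpired callback covers the case where no request is in flight when the token lapses.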