[keycloak-user] Access token appears to be valid even though session has expired in the background
Scott Finlay
scott.finlay at sixt.com
Thu Jan 12 11:16:25 EST 2017
Hi,
We're having issues that we receive an access token (using our refresh token)
which appears to be valid for some certain amount of time (based on the expiration
time), but that the session expires in the background some time before that
because SSO Session Max has been reached.
Here's an example experiment:
SSO Session Idle = 2min
SSO Session Max = 3min
Access Token Lifespan = 1min
0 - create session (with client credentials)
---1m00 access token expires---
1m10 - register user (refresh token)
1m40 - register user
---2m10 access token expires---
2m40 - register user (refresh token)
---3m00 session expires---
3m10 - register user DIED HERE
---3m40 access token expires---
4m00 - register user (with client credentials)
Is there any way to make our expires time for access tokens take the session lifetime into account?
For example, if we request a new access token 10 seconds before SSO Session Max, it should say
that the token is valid for 10 seconds, not for 60 seconds.
Regards,
Scott
More information about the keycloak-user
mailing list