Keycloak returning already-expired tokens

Question

I'm trying to use keycloak to get access tokens,

but I get the error Token is expired when trying to use the tokens issued by keycloak

For example, if I get a token using curl:

curl -u account:___mysecret___ -k
-d "grant_type=password&username=testuser&password=__some__pass"
-H "Content-Type:application/x-www-form-urlencoded" 
http://localhost:8080/auth/realms/testRealm/protocol/openid-connect/token

and decode the returned token using jwt.io, I can see that the exp date is yesterday's date.

how do I get usable access tokens?

@JanGaraj maybe. It's running in docker. But I had to restart the computer due to other reasons, and after that the time was ok. — janwr, Oct 28 '20 at 16:19
there is the solution describe here https://stackoverflow.com/questions/65086856/wsl2-clock-is-out-of-sync-with-windows — Sebastien Dionne, Jan 03 '22 at 16:29

brouille · Answer 1 · 2021-07-26T16:07:03.857

I think you were using keycloak with docker desktop on windows.

And your localtime of your hyperV where not synchronize anymore with your host computer.

If you wrote : date in your docker container, the date is wrong.

So the token genreate by keycloak was outdated

So rebooting hyperV resynchronize the localtime in your docker container.

More info here : How to make sure docker's time syncs with that of the host?

score 0 · Answer 2 · answered Oct 27 '20 at 09:37

0

Checked in the "realm settings" the "tokens" tab! There you can configure session timeout and token validity.

Further check in "clients" => "settings" => "advanced settings" if there is set something.

Then please check the time and time zone configured on you keycloak host.

answered Oct 27 '20 at 09:37

Maik

310
1
11

1

had to restart the computer (for another reason) and after that keycloak continued working fine. – janwr Oct 28 '20 at 16:18

Keycloak returning already-expired tokens

2 Answers2