6

I'm working on a project with the latest Keycloak version, Spring Boot and Spring Oauth2 and Angular as the frontend layer.

Here is my keycloak token configuration:

enter image description here

Whatever value I set for property "SSO Session Idle" on my kecloak server, I end up with a RFRESH_TOKEN_ERROR after 30 minutes (That is the default value for this property based on the official documentation) and after that I can't call any backend endpoint anymore, my token has been invalidated and all calls are made with an Anonymous Authentication object.

What should I do to make this property work (In my case it shouldn't invalidate the token before 10 hours) ? Do I have somehow to refresh the token from frontend side to avoid my token being invalidated ? How should I handle the client inactivity timeout so as users don't have to log in again every 30 minutes ?

Any help or example would be highly appreciated.

Advanced settings for the client on keycloak server: client settings

Terry Jan Reedy
  • 18,414
  • 3
  • 40
  • 52
LionelB
  • 71
  • 1
  • 3
  • No, I'm not overriding these values in the client configuration, SSO Session Idle is also set to 10 hours – LionelB Mar 30 '21 at 13:51
  • Exp time is +10 hours based on the current time which is correct based on property "Access token lifespan". The token is still valid when session timeout comes up after 30 minutes – LionelB Mar 30 '21 at 13:57
  • 1
    Does this answer your question? [How to specify refresh tokens lifespan in Keycloak](https://stackoverflow.com/questions/52040265/how-to-specify-refresh-tokens-lifespan-in-keycloak) Please read also comment of accepted answer - it's complicated. – Jan Garaj Mar 30 '21 at 16:07
  • @LionelB I am facing similar issue, could you please confirm what solved this issue for you? – Shashank Shekher Jun 21 '21 at 04:01
  • Are you sure that the keycloak session is the one that times out ? The spring session usually also has a default lifespan of 30 minutes. It could be that this is your problem. – Markus Schreiber Jul 23 '21 at 08:16

1 Answers1

0

I faced the same issue from Client Side. After Refreshing Tokens in Client Side I was able to solve the issue. I used the following code. This could help. Kindly check.

keycloak.onTokenExpired = () => {
   console.log(">>> Re-Authenticated");
   keycloak.updateToken(50);
};
Mahesh
  • 513
  • 3
  • 12