0

I'm trying to extend the expiration time of refresh tokens, after using one.

Let's imagine that my current access_token has expired. In order to have a new access_token, I make a request using my refresh token, grant_type='refresh_token'&refresh_token=refreshToken, to Keycloak that gives me a new access_token and a new refresh_token. The problem is that this new refresh_token has the same expiration date as the previous one. This means that I'll have to reenter my credentials some time after my login in order to extend my refresh token expire date.

What I intend to do is to only logout from my application if the user doesn't login for a given amount of time.

Note: If I change the scope to be offline_access there is no expiration date on the token. I could use this but this means that this token will live forever. See also:

Thank you all in advance.

Bishop19
  • 37
  • 9
  • I tested Keycloak V 22.0.1 , The new refresh token's exp (Expiration Time) claim in a JWT. it is not same as old refresh token exp. It is extended 30 minutes from new "iat" (Issued At). – Bench Vue Aug 09 '23 at 18:41
  • @BenchVue I'm using Keycloak v20.0.2 and its Rest API. The `iat` changes when I refresh the tokens, but `exp` doesn't get extended. I'm currently making a request to `${baseURL}/realms/${realmName}/protocol/openid-connect/token` with `grant_type: 'refresh_token'`. Did you make a similar request? – Bishop19 Aug 10 '23 at 09:35
  • I've created a clean realm, and the new refresh token has an extended lifetime. So I probably changed a setting on my main realm without noticing the impact... – Bishop19 Aug 10 '23 at 09:48
  • @BenchVue I think I figured it out: I had SSO Session Idle = SSO Session Max, now I have SSO Session Idle < SSO Session Max. Would like your opinion before answering this post, please – Bishop19 Aug 10 '23 at 10:18
  • I am sorry, I have no idea how to test SSO session. I did test same as you test to get refresh token by ${baseURL}/realms/${realmName}/protocol/openid-connect/token with grant_type: 'refresh_token' – Bench Vue Aug 10 '23 at 16:18

0 Answers0