Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
menu search
person
Welcome To Ask or Share your Answers For Others

Categories

I have an issue to configuring Redhat Single SigOn (RHSSO) or Keycloak token expiration in seconds, about 30 seconds.

I just found the configuration in minutes. There is a way to adjust it to seconds?

question from:https://stackoverflow.com/questions/65832283/how-to-set-access-token-to-expire-in-seconds

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
1.3k views
Welcome To Ask or Share your Answers For Others

1 Answer

From the Keycloak Admin Console it is not possible; Keycloak allows to specify the access token expiration time in Minutes, Hours or Days, but not in seconds:

enter image description here

Albeit, when one requests a token, the expiration time is display in seconds, namely:

{"access_token":"...","expires_in":60,"...}

The least amount of time that you can set via Admin Console is 1 minute. To be honest, I fail to see what would be the great benefit of having 30 seconds instead of 1 minute.

In the Admin Console, if one tries to specify 0.1 (or 0,1) minutes an error is displayed

enter image description here

Now that being said, it seems that you can use the Rest Full API to get around that restriction. First, request a token on behalf of the admin, extract its access token (let us called $ACCESS_TOKEN). And then call the following endpoint:

PUT <KEYCLOAK_HOST>/auth/admin/realms/<REALM_NAME>

with the following data

'{"accessTokenLifespan":30}'

Now if you request a token for a client on the Realm REALM_NAME you will get the following:

{"access_token":"...","expires_in":30,"...}

30 seconds as expiration time for the access token.

Now, I have not tested this, so it is up to you to find out if everything still works as it should.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
...