Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


keycloak - How to set access token to expire in seconds

I have an issue configuring Red Hat Single Sign-On (RHSSO) or Keycloak token expiration in seconds, about 30 seconds.

I just found the configuration in minutes. Is there a way to adjust it to seconds?

question from:https://stackoverflow.com/questions/65832283/how-to-set-access-token-to-expire-in-seconds


1 Reply


From the Keycloak Admin Console it is not possible; Keycloak allows one to specify the access token expiration time in minutes, hours or days, but not in seconds:


Albeit, when one requests a token, the expiration time is displayed in seconds, namely:

{"access_token":"...","expires_in":60,"...}

The least amount of time that you can set via Admin Console is 1 minute. To be honest, I fail to see what would be the great benefit of having 30 seconds instead of 1 minute.

In the Admin Console, if one tries to specify 0.1 (or 0,1) minutes, an error is displayed.


Now, that being said, it seems that you can use the RESTful API to get around that restriction. First, request a token on behalf of the admin and extract its access token (let us call it $ACCESS_TOKEN). Then call the following endpoint:

PUT <KEYCLOAK_HOST>/auth/admin/realms/<REALM_NAME>

with the following data:

'{"accessTokenLifespan":30}'

Now if you request a token for a client on the Realm REALM_NAME you will get the following:

{"access_token":"...","expires_in":30,"...}

30 seconds as expiration time for the access token.

Now, I have not tested this, so it is up to you to find out if everything still works as it should.
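The REST procedure from the answer above, sketched in Python as an added example (it is not code from the original answer or from Keycloak). The admin token path, the `master` realm and the `admin-cli` client are assumptions about a default install that uses the `/auth` prefix shown above; all function names are hypothetical, and `token_lifetime` reads the issued token's claims to confirm the new lifespan.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumption: the admin user lives in the master realm of a legacy /auth install.
ADMIN_TOKEN_PATH = "/auth/realms/master/protocol/openid-connect/token"


def admin_token_request(host, username, password):
    """Password-grant request for an admin token (assumes the admin-cli client)."""
    form = urllib.parse.urlencode({
        "grant_type": "password", "client_id": "admin-cli",
        "username": username, "password": password,
    }).encode()
    return urllib.request.Request(host + ADMIN_TOKEN_PATH, data=form, method="POST")


def lifespan_request(host, realm, access_token, seconds):
    """PUT <host>/auth/admin/realms/<realm> with accessTokenLifespan in seconds."""
    if not isinstance(seconds, int) or seconds <= 0:
        raise ValueError("accessTokenLifespan must be a positive integer (seconds)")
    url = f"{host}/auth/admin/realms/{urllib.parse.quote(realm, safe='')}"
    body = json.dumps({"accessTokenLifespan": seconds}).encode()
    headers = {"Authorization": f"Bearer {access_token}",
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=body, headers=headers, method="PUT")


def token_lifetime(jwt):
    """exp - iat of a JWT in seconds; decodes the payload only, no signature check."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return claims["exp"] - claims["iat"]


def send(request):
    """Send a prepared request over the network and return the parsed JSON body, if any."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        body = resp.read()
    return json.loads(body) if body else None


def set_access_token_lifespan(host, realm, username, password, seconds):
    """Full procedure: admin token, then realm update. Needs a reachable server."""
    token = send(admin_token_request(host, username, password))["access_token"]
    send(lifespan_request(host, realm, token, seconds))
```

After the update, request a token for a client in the realm and check that `token_lifetime(access_token)` returns 30, which should match the `expires_in` value in the token response.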

