
I am using Keycloak in my client application for authentication and authorization purposes. I configured the Keycloak tokens under Realm settings as below:

SSO Session Idle - 8 - Hours

SSO Session Max - 10 - Hours

Access Token Lifespan - 5 - Minutes

Access Token Lifespan For Implicit Flow - 15 - Minutes

Client Session Idle - 0 Minutes

Client Session Max - 0 Minutes

Since the lifespan of the access token is 5 minutes, my assumption is that the token I am using in the client app should be valid for 5 minutes, but the token is expiring even before these 5 minutes are up (exactly after 4 minutes 15 seconds).

When I try to access any of the backend APIs, the validation fails with the error below:

WWW-Authenticate: Bearer error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: Jwt expired at 2023-06-01T13:09:09Z", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"

Why are the tokens becoming invalid even before the expiry duration, and how do I resolve this?

Lisa
  • Have you figured this out, @Lisa? I'm having the exact same issue! – Zeon Jul 28 '23 at 08:23
  • @Zeon No, I could not figure out the root cause. Fortunately my system admin restarted the system where the Keycloak server is running; thereafter I did not notice this issue. – Lisa Aug 06 '23 at 12:07
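
A diagnostic for the symptom in the question, added here as an example and not part of the original post: it reads `iat` and `exp` from an access token and separates the lifetime Keycloak issued from the lifetime the validating machine actually sees. The function names, the constructed sample token and the 45-second clock offset are assumptions chosen to reproduce the reported 4 minutes 15 seconds; the thread does not confirm clock difference as the cause.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with 3 dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def lifetime_report(token: str, validator_now: float, configured_lifespan: int = 300) -> dict:
    """Compare the issued lifetime (exp - iat) with what the validator's clock sees."""
    claims = jwt_claims(token)
    iat, exp = int(claims["iat"]), int(claims["exp"])
    issued = exp - iat
    return {
        "issued_lifetime": issued,
        # True means Keycloak honoured "Access Token Lifespan"
        "matches_config": issued == configured_lifespan,
        # positive: validator clock is ahead of the issuer (or the token was held back)
        "apparent_offset": validator_now - iat,
        # seconds left before the validator reports "Jwt expired"
        "usable_seconds": exp - validator_now,
    }

def make_sample_token(iat: int, lifespan: int = 300) -> str:
    """Constructed, unsigned sample token; not a real Keycloak token."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"iat": iat, "exp": iat + lifespan}).encode())
    return f"{header}.{body}.constructed-signature"

if __name__ == "__main__":
    issued_at = 1685624649                # 2023-06-01T13:04:09Z, so exp is 13:09:09Z
    token = make_sample_token(issued_at)
    # Assumption: the validating host's clock reads 45 s later than Keycloak's
    print(lifetime_report(token, validator_now=issued_at + 45))
```

If `matches_config` is true but `usable_seconds` is well under 300 at the moment the token is received, the shortfall lies between the two clocks rather than in the realm settings, and time synchronisation on both hosts is the thing to check.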

0 Answers