keycloak access-token keycloak-rest-api

Keycloak access token expires too soon


I have an access token that should be valid for 10 hours, but it expires after 30 minutes. I use it to call the Keycloak REST API and it works for half an hour, but after that I get 401 - Unauthorized. I decoded it on jwt.io and the exp claim is 10 hours after I acquired it. I checked the system time and everything seems fine. What could be the problem?


Solution

  • Since you have not shared your config, I am assuming you are setting "Access Token Lifespan" to 10 hours (the same is reflected in your JWT, as you mentioned).

    To avoid having to log in again and again, you need to set the SSO session time to 10 hours. (See 2 and 3 highlighted in the image below.)

    Now, coming to the access token: if you are using a browser to test your API, you can set it to any value less than your SSO session value, as the session cookie will be handled automatically by Keycloak.

    However, if you are using Postman or another client to test your API and want to use the same token for 10 hours, then set your access token lifespan to 10 hours as well.

    For more details, refer: https://www.keycloak.org/docs/latest/server_admin/#_timeouts
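
Added example (not part of the original answer, and not Keycloak's own code): a Python check that decodes a token's claims and models the answer's point that the token is bounded by the SSO session as well as by its own `exp`. The sample token, the parameter names `sso_idle_s` and `sso_max_s` (standing for the realm's SSO session idle and max settings), and the default that the session started and was last active at `iat` are assumptions made for illustration.

```python
import base64
import json

def decode_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def effective_expiry(claims, sso_idle_s, sso_max_s,
                     session_start=None, last_activity=None):
    """Return (unix_time, limiting_factor) for when the token stops working.

    Simplified model: the token is usable until the earliest of its own exp,
    the session idle limit and the session max limit.
    """
    iat = claims["iat"]
    # Assumption: unless told otherwise, the session began and was last
    # refreshed at the moment the token was issued.
    session_start = iat if session_start is None else session_start
    last_activity = iat if last_activity is None else last_activity
    limits = {
        "access token exp": claims["exp"],
        "SSO session idle": last_activity + sso_idle_s,
        "SSO session max": session_start + sso_max_s,
    }
    reason = min(limits, key=limits.get)
    return limits[reason], reason

def _b64(obj) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample token: fixed issue time, exp claim 10 hours later.
ISSUED_AT = 1_700_000_000
SAMPLE_TOKEN = ".".join([
    _b64({"alg": "RS256", "typ": "JWT"}),
    _b64({"iat": ISSUED_AT, "exp": ISSUED_AT + 10 * 3600}),
    "constructed-signature",
])

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    # 30-minute session idle value, as in the symptom described in the question
    print(effective_expiry(claims, sso_idle_s=30 * 60, sso_max_s=10 * 3600))
```

With a 30-minute idle value the limiting factor is the session, not the `exp` claim seen on jwt.io; raising both session values to 10 hours makes `exp` the limit.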