I am using Spring Boot and Keycloak.
Some of my services contain asynchronous or batch operations. Asynchronous operations can take a long time. For example, while the token duration is 1 hour, the processing time of the asynchronous service can be 10 hours. I want to extend the token duration for asynchronous transactions. How can I do this? If I specify a special user, I want to maximize the token duration, but a user-based token duration cannot be defined in Keycloak. If I refresh the token after a while, while asynchronous operations are running, I don't know when to do it. How should token handling work for asynchronous and batch transactions?
Access tokens shouldn’t be valid that long, IMHO.
For such use cases, you can make use of the offline_access scope and retrieve a so-called offline token as the refresh token. With this offline token, your client can obtain a fresh access_token at a later time, even if the user is no longer online and has ended their user session.
How can I know when the token expires? I may not know how long the asynchronous transaction takes in order to use the offline token, and if I catch it with an exception when the token expires, by then the transaction commit may already have occurred between the services, so I cannot resolve the situation exactly. Why doesn't Keycloak allow me to set a user-based token duration?
I believe Dasniko’s answer was crystal clear.
For the second question, here are some RFCs [1] and [2] to read.
[1] RFC 6749 - The OAuth 2.0 Authorization Framework
[2] RFC 7519 - JSON Web Token (JWT)
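A worked example of what the replies above describe: a long-running worker that holds an offline refresh token and uses the JWT exp claim from [2] to decide when to refresh, rather than waiting for a 401 in the middle of a transaction. This is an added example by the editor, not code from any post in this thread or from Keycloak itself. The token endpoint path is Keycloak's standard one; the base URL, realm, client id, client secret and skew window are placeholder assumptions, and the sample JWT is constructed inline (unsigned) so the script runs offline.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Assumed deployment details (placeholders, not a real realm or client).
KEYCLOAK_BASE = "https://keycloak.example.com"
REALM = "myrealm"
CLIENT_ID = "batch-worker"          # confidential client that was granted offline_access
CLIENT_SECRET = "change-me"
REFRESH_SKEW_SECONDS = 60           # refresh when less than this remains on the access token


def token_endpoint(base=KEYCLOAK_BASE, realm=REALM):
    # Standard Keycloak OpenID Connect token endpoint path.
    return f"{base}/realms/{realm}/protocol/openid-connect/token"


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment.encode("ascii"))


def jwt_claims(token):
    """Return the payload claims of a compact JWT WITHOUT verifying the signature.

    This is only for the client to schedule its own refreshes. A resource server
    must never trust claims read this way; it has to verify the signature.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def seconds_until_expiry(token, now=None):
    now = time.time() if now is None else now
    exp = jwt_claims(token).get("exp")
    if exp is None:
        raise ValueError("access token carries no exp claim")
    return exp - now


def needs_refresh(token, now=None, skew=REFRESH_SKEW_SECONDS):
    # Refresh a little early so an in-flight request is not caught by expiry.
    return seconds_until_expiry(token, now) <= skew


def refresh_request_body(refresh_token, client_id=CLIENT_ID, client_secret=CLIENT_SECRET):
    # RFC 6749 section 6: refreshing an access token.
    return urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
    }).encode("ascii")


def refresh_access_token(refresh_token, opener=urllib.request.urlopen):
    """Exchange the (offline) refresh token for a new access token at Keycloak."""
    req = urllib.request.Request(
        token_endpoint(),
        data=refresh_request_body(refresh_token),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with opener(req) as resp:
        body = json.loads(resp.read())
    # Keycloak may hand back a new refresh token; keep the old one if it does not.
    return body["access_token"], body.get("refresh_token", refresh_token)


class TokenHolder:
    """Holds the current access/refresh pair and refreshes on use, not on a timer."""

    def __init__(self, access_token, refresh_token, refresher=refresh_access_token):
        self.access_token = access_token
        self.refresh_token = refresh_token
        self._refresher = refresher

    def bearer(self, now=None):
        # Call this right before every outbound request of the batch job.
        if needs_refresh(self.access_token, now):
            self.access_token, self.refresh_token = self._refresher(self.refresh_token)
        return self.access_token


def make_unsigned_test_jwt(claims):
    """Constructed sample token for offline demonstration only; not a Keycloak token."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'none', 'typ': 'JWT'})}.{seg(claims)}."
```

The pattern answers the "when do I refresh" question by not predicting the job's duration at all: each unit of work asks the holder for a bearer token, and the holder refreshes only when the current token is within the skew window of its exp. The offline token itself must be requested with scope=offline_access at login, and the realm's Offline Session Idle setting still bounds how long an unused offline token stays valid, so a job that is idle for longer than that will need a fresh login.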