Keycloak: Can I set the expiry of a token per client/user/role?

Tags:

keycloak

I'm currently setting up Keycloak to offer protection for some services. There will be both external customers and internal services consuming the same endpoints on my services.

Can I set the token expiry on a user or role or client level, or use a mix of tokens and Basic auth?

Asked by Michael, Jun 30 '16 05:06


2 Answers

It is possible to configure a different lifespan for access tokens on a per client basis. In Keycloak admin console go to a client settings page and expand the "Advanced Settings" section.
This screenshot is taken from Keycloak 4.8.1.Final.

[screenshot: the client's "Advanced Settings" section with the access token lifespan field, Keycloak 4.8.1.Final]

EDIT: Be aware that this override is applied to Authorization Code Flow only. The access token lifespan for Implicit Flow can still (Keycloak 7.0.0) be set on realm level only!

EDIT: Since Keycloak 10.0.0 it is also possible to override session idle and session max timeout per client.

[screenshot: the per-client session idle and session max timeout override fields]

Answered by Boomer, Oct 09 '22 07:10
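The per-client override above is easy to misread (the answer's own edit notes it does not apply to the Implicit Flow), so the practical check is to inspect the tokens each client actually receives and compare `exp - iat` with the lifespan you configured. The script below is an added example, not code from the answer author or from Keycloak; it builds constructed, unsigned sample tokens in JWT layout (Keycloak's real tokens are signed), reads the standard `iat`/`exp` claims and Keycloak's `azp` (authorized party) claim, and flags any client whose effective lifespan differs from the expected value. The realm URL and client ids are assumed values.

```python
import base64
import json
import time


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_token(client_id: str, issued_at: int, lifespan: int) -> str:
    """Build a CONSTRUCTED, unsigned token in JWT layout for the demo only.
    Keycloak signs real access tokens (RS256 by default); the empty
    signature segment here means a resource server must never accept it."""
    header = {"alg": "none", "typ": "JWT"}
    payload = {
        "iss": "https://keycloak.example/auth/realms/demo",  # assumed realm URL
        "azp": client_id,      # authorized party: the client that requested it
        "iat": issued_at,
        "exp": issued_at + lifespan,
        "typ": "Bearer",
    }
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(payload).encode()), ""])


def token_lifespan(token: str) -> tuple[str, int]:
    """Return (client id, exp - iat in seconds) read from the token payload.
    This only INSPECTS the claims; signature verification is deliberately
    out of scope here and must be done separately before trusting a token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    claims = json.loads(_b64url_decode(parts[1]))
    return claims["azp"], int(claims["exp"]) - int(claims["iat"])


def check_client_lifespans(tokens, expected):
    """Compare each token's lifespan with the value configured per client.
    expected maps client id -> seconds (the realm default applies to any
    client without an override). Returns {client_id: (actual, ok)}."""
    results = {}
    for tok in tokens:
        client, actual = token_lifespan(tok)
        results[client] = (actual, actual == expected[client])
    return results


if __name__ == "__main__":
    now = int(time.time())
    # Constructed scenario: realm default 300 s, internal client overridden to 3600 s.
    expected = {"external-portal": 300, "internal-batch": 3600}
    sample = [make_sample_token("external-portal", now, 300),
              make_sample_token("internal-batch", now, 3600)]
    for client, (actual, ok) in check_client_lifespans(sample, expected).items():
        print(f"{client}: lifespan {actual}s {'OK' if ok else 'MISMATCH'}")
```

To use it against a live realm, replace the constructed tokens with ones obtained through each client's real flow; a mismatch for a client that uses the Implicit Flow is the realm-level lifespan showing through, exactly as the answer's first edit describes.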


It can be done on realm level only, as correctly mentioned by @maslick, since Keycloak does SSO and expects multiple clients in one realm.

Although, you can code accordingly in your application picking the Keycloak session if you need it to be custom.

Answered by codeogeek, Oct 09 '22 07:10