Hello everyone.
First of all, maybe I’m on the wrong track; if so, please correct me.
General:
- Keycloak version: 19.0.2
Application:
- Application items (services) live in a cloud (containerised).
- Two highlights: core (backend) and Keycloak (user auth).
- Users interact with Keycloak via the core (thus Keycloak is isolated from the outside).
- Users with an admin role can create other users. For such operations the core has the Keycloak client credentials (client_x) and uses the REST API.
Keycloak settings:
- Create new realm (realm_x):
- Create new client (client_x):
  - Type: OpenID Connect,
  - Client Authenticator: Client ID and Secret,
  - Service accounts roles (add):
    - (realm-management) manage-users
    - (realm-management) view-users
- Roles: <some list>
- Create new client (client_x):
Problem
For user management the core uses client_x (REST API). Preparation steps:
- get the client access token (ac_token_client_x):
  - grant_type: client_credentials
  - client_id: client_x
  - client_secret: <secret>
- use ac_token_client_x for the REST API
I think it is a good idea to set the ac_token_client_x lifespan to a high value, to pull the client_credentials less often.
But the ac_token_client_x lifespan is equal to the user access token (ac_token_user_x) one.
Question
Can I set different lifespan values for ac_token_client_x and ac_token_user_x?
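
One way for the core to request ac_token_client_x less often without raising its lifespan, as an added example that is not part of the original post: cache the token and repeat the client_credentials grant only shortly before the `expires_in` value returned by the token endpoint runs out. The host name and the `ClientTokenCache` / `fetch_token` names are assumptions made for illustration; realm_x and client_x are the names used above.

```python
import json
import time
import urllib.parse
import urllib.request

# Assumed placeholder host; realm_x is the realm named in the post.
TOKEN_URL = ("https://keycloak.internal.example"
             "/realms/realm_x/protocol/openid-connect/token")


def fetch_token(client_id, client_secret, url=TOKEN_URL):
    """POST a client_credentials grant and return the parsed JSON response."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    req = urllib.request.Request(url, data=body)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class ClientTokenCache:
    """Hypothetical helper: reuse ac_token_client_x until shortly before expiry."""

    def __init__(self, fetch, skew=30, clock=time.monotonic):
        self._fetch = fetch        # callable returning the token endpoint JSON
        self._skew = skew          # safety margin in seconds before expiry
        self._clock = clock        # injectable so the logic can be tested offline
        self._token = None
        self._expires_at = 0.0

    def get(self):
        """Return a cached token, fetching a new one only when it is about to expire."""
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            resp = self._fetch()
            self._token = resp["access_token"]
            self._expires_at = now + float(resp["expires_in"])
        return self._token

    def invalidate(self):
        """Drop the cached token, e.g. after the REST API answered 401."""
        self._token = None
```

In the core this would be wired up as `ClientTokenCache(lambda: fetch_token("client_x", secret))`, with the secret loaded from the deployment's secret store.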