Different access token lifespan

Docdez · September 28, 2022, 2:06pm

Hello everyone.
And firstly maybe I’m on a wrong way, please correct me further.

General:

Keycloak version: 19.0.2

Application:

Application items (services) live in a cloud (containerised).
Highlight 2: core (backend) and Keycloak (user auth).
Users interact with Keycloak over the core (thus Keycloak is isolated from the out side).
Users with a admin role can create another users. For the similar operations the core has the Keycloak client creditians (client_x) and uses the REST API.

Keycloak settings:

Create new realm (realm_x):
1. Create new client (client_x):
  - Type: OpenID Connect,
  - Client Authenticator: Client ID and Secret,
  - Service accounts roles (add):
    - (realm-management) manage-users
    - (realm-management) view-users
  - Roles: <some list>

Problem

For users management the core uses the client_x (REST API). Preparing steps:

get the client access token (ac_token_client_x):
- grant_type: client_credentials
- client_id: client_x
- client_secret: <secret>
use ac_token_client_x for REST API

I think good idea to set ac_token_client_x lifespan to a high value to less pull the client_credentials.
But ac_token_client_x lifespan is equal to user access token (ac_token_user_x) one.

Question

Can I set different ac_token_client_x and ac_token_user_x lifespan values?

Topic		Replies	Views
Understanding access token lifespan Getting advice authentication	4	18522	June 13, 2022
Set lifespan using Spring boot	0	243	June 25, 2023
Understanding Access token expiration when using client_credentials grant type Getting advice	1	1953	August 19, 2022
Removing or setting expiration to max for access token Configuring the server authentication	0	378	April 25, 2022
Set the expiry of a token per client? Getting advice authentication	0	323	October 16, 2020