Extend expiry of refresh_token on every usage

Is it possible to configure Keycloak to extend the refresh token expiration time every time the refresh token is used to refresh the user session? For example:

  1. I have a valid refresh token.
  2. I use this token to refresh my session (grant_type = refresh_token).
  3. I get a new access token and a new refresh token. The new refresh token has its expiration set to (now + 30 days).

Right now, when Keycloak issues a new refresh token, it has the same expiration time as the old refresh_token.

Relevant context: Understanding access token lifespan - #5 by andsouto

It sounds like you may be looking for a use case for “offline access” in Keycloak. I would recommend checking out the Keycloak documentation on the topic for more information:

Server Administration - Offline access

Please note that offline tokens are similar to refresh tokens, but they can be used to obtain a new access token even when the user is not actively using the application. Keep in mind that offline tokens are essentially a password, so it is important to treat them with the same level of security and care as you would with any other sensitive information.


Thanks @weltonrodrigo. I have heard about offline tokens. It would be good, but as I have read in the documentation:

The difference between a refresh token and an offline token is that an offline token never expires

What I want to achieve is to:

  • Allow users who are actively using the application to refresh their sessions.
  • Users who are not actively using the application should be logged out after a specified expiration time.

This is not possible using offline tokens.

Offline tokens do expire; it’s just that you can set another timeout for them, independent from normal session tokens.

If what you want to achieve are very long web sessions, take a look at the configuration for those knobs: Server Administration - Session and token timeouts
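
Whichever timeout settings are chosen, the behaviour asked about in this thread can be checked by comparing the `exp` claim of the refresh token sent with that of the refresh token returned. The sketch below is an added example, not code from the thread or from Keycloak; it assumes the refresh tokens are compact JWTs, and the function names and sample tokens are constructed for illustration.

```python
import base64
import json

DAY = 86400

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def expiry_change(old_token, new_token):
    """Return (verdict, delta_seconds) comparing exp of two refresh tokens."""
    old_exp = jwt_claims(old_token).get("exp")
    new_exp = jwt_claims(new_token).get("exp")
    if not old_exp or not new_exp:
        # A missing or zero exp means the token itself carries no expiry.
        return ("no-expiry-claim", None)
    delta = new_exp - old_exp
    if delta > 0:
        return ("extended", delta)
    if delta == 0:
        return ("unchanged", 0)
    return ("shortened", delta)

def sample_token(claims):
    """Build a constructed token with a dummy signature for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "sig"])

# Constructed sample data: login at T0, refresh performed one day later.
T0 = 1_700_000_000
OLD = sample_token({"iat": T0, "exp": T0 + 30 * DAY})
# Behaviour described in the question: the new token keeps the old expiry.
FIXED_NEW = sample_token({"iat": T0 + DAY, "exp": T0 + 30 * DAY})
# Behaviour the question asks for: the expiry slides to (now + 30 days).
SLIDING_NEW = sample_token({"iat": T0 + DAY, "exp": T0 + DAY + 30 * DAY})

if __name__ == "__main__":
    print(expiry_change(OLD, FIXED_NEW))
    print(expiry_change(OLD, SLIDING_NEW))
```

Run it against a real pair of tokens from a test realm after each settings change; the decoded claims are for inspection only and must not be trusted for authorization, since the signature is not checked.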