How to properly use an access token within a long running background process?

stphngrtz · May 13, 2020, 7:13am

Hi,
we are looking for some advice on how to use an access token within a long running background process that exceeds the token expiry. We are using Keycloak with OpenId Connect and we would like to stick to the standard. Maybe bend it a little bit, if necessary, but not overthrow it.

Use-Case:
User calls a service with his access token. The service starts a long running background process that calls other services. The access token is being sent to the other services in order to authorize the request and relate the action to the user (e.g. “changed by”). The background process may take days or even weeks.

Any ideas? Thanks in advance!

zonaut · May 13, 2020, 6:02pm

You shouldn’t use a users access token for this kind of workflows. You know who starts the process and that’s where it should end.
Like you mentioned, a background process that may take days or even weeks. This is an internal workflow probably queued when you’re planning to scale out.
Create a dedicated client for these kind of workflows.
You probably are re-using existing API’s that do the same thing for multiple workflows and that why you mentioned that ‘changed by’ action. I would suggest to not couple these things to closely together and maybe create separate end points for your workflows.

Topic		Replies	Views
Understanding access token lifespan Getting advice authentication	4	18490	June 13, 2022
Recommended approach requesting and reusing service account token? Getting advice authentication	3	285	November 3, 2023
Trying to understand access token use Securing applications	2	1148	August 16, 2022
Access token timeout for long running operations in resource server Securing applications	2	1222	March 15, 2021
Making a background request without resetting SSO Session Idle timer Getting advice	1	882	May 13, 2020

How to properly use an access token within a long running background process?

Related Topics