Recommended approach requesting and reusing service account token?

What is the recommended approach for calling Keycloak using a service account token?
Is it to always request a new token on each interaction? Cache tokens in something like Redis for the expiry time period of the token?

Currently to perform admin actions on users in my APIs and services I am requesting a new service account token for each action.

Because of this, if I were to perform multiple actions on users within a small timeframe, I would be calling Keycloak every time for a token and then again using that token. This does not seem ideal.

Does anyone have recommendations or does Keycloak have some suggested guidance in their docs that I missed? Thank you!

Keycloak does not recommend anything, as this is not Keycloak specific!

Depending on your use cases and environment, you can store/cache the token and use it as long as it is valid. This way you don't need to request a new token for each and every call.
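An added example, not part of the original thread, of the caching approach described in the answer above: an in-process cache that reuses a client-credentials token until shortly before its `expires_in` lifetime ends. The class name, the `fetch_token` callable (a stand-in for the POST to the token endpoint with `grant_type=client_credentials`), the 30-second skew and the sample responses are all assumptions made for illustration.

```python
import threading
import time

class ServiceAccountTokenCache:
    """Hypothetical helper: keeps one access token in memory until near expiry."""

    def __init__(self, fetch_token, skew_seconds=30, clock=time.monotonic):
        # fetch_token returns the token response as a dict with
        # "access_token" and "expires_in" (RFC 6749, section 5.1).
        self._fetch_token = fetch_token
        self._skew = skew_seconds
        self._clock = clock
        self._lock = threading.Lock()
        self._token = None
        self._expires_at = 0.0

    def get(self):
        with self._lock:  # only one thread refreshes at a time
            if self._token is None or self._clock() >= self._expires_at:
                self._refresh()
            return self._token

    def invalidate(self):
        """Drop the cached token, e.g. after an API call answered 401."""
        with self._lock:
            self._token = None

    def _refresh(self):
        requested_at = self._clock()
        response = self._fetch_token()
        # A response without expires_in is treated as single use (not reused).
        lifetime = float(response.get("expires_in", 0))
        self._token = response["access_token"]
        self._expires_at = requested_at + max(lifetime - self._skew, 0.0)

def demo():
    # Constructed clock and token responses so the example runs offline.
    now, calls = [0.0], []
    def fake_fetch():
        calls.append(now[0])
        return {"access_token": f"token-{len(calls)}", "expires_in": 300}
    cache = ServiceAccountTokenCache(fake_fetch, clock=lambda: now[0])
    seen = [cache.get(), cache.get()]  # second call is served from the cache
    now[0] = 269.0
    seen.append(cache.get())           # still inside lifetime minus skew
    now[0] = 270.0
    seen.append(cache.get())           # 300 - 30 seconds reached: new token
    cache.invalidate()
    seen.append(cache.get())           # forced refresh after invalidation
    return seen, len(calls)
```

The cached value is a bearer credential, so it is kept in process memory only and never written to logs; a shared store such as Redis would need the same access controls as the client secret itself.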

Hey @dasniko. Yes I realize it is not Keycloak specific haha.

I was just wondering given Keycloak documentation does sometimes give recommendations of what to do and not to do when it comes to general OAuth / OIDC / SAML etc.

Thank you for your response though.

Just go to the following RFCs and specs: