Refresh token expiration time does not renew on usage

Hello, I’m studying Keycloak and got into a strange situation when renewing an access token.

After authorization and receiving access and refresh tokens, the refresh token expiration time is as specified in the settings - 600 sec:

{
    "access_token": "...",
    "expires_in": 300,
    "refresh_expires_in": 600,
    "refresh_token": "...",
    "token_type": "Bearer",
    "not-before-policy": 0,
    "session_state": "fd75aefd-5330-45a2-a21a-3e54a157d5c9",
    "scope": "profile email"
}

But when I do a refresh request, the refresh token expiration time refresh_expires_in is still counting down:

    "expires_in": 300,
    "refresh_expires_in": 574,

And when refresh_expires_in becomes less than expires_in, the new access token is created already with a lesser expiration time; eventually the tokens become invalid and refresh fails:

    "expires_in": 115,
    "refresh_expires_in": 115,

realm settings:

How can I make it so that when refreshing the access token, the refresh token is also completely renewed with its expiration time?


SSO Session Max should be greater than SSO Session Idle,
and the same:
Client Session Max should be greater than Client Session Idle.
Otherwise the scenario will occur.
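
A simplified model of the behaviour discussed in this thread, as an added example that is not part of the original posts or Keycloak's own code. It assumes both lifetimes are capped by the time left until the session maximum; the SSO Session Max of 600 s is an assumed value that reproduces the numbers in the question, and the function names and sample settings are hypothetical.

```python
# Simplified model (an assumption, not Keycloak source): both lifetimes are
# capped by the seconds left until the session's absolute maximum.
def token_lifetimes(session_age, access_lifespan, idle, max_lifespan):
    """Return (expires_in, refresh_expires_in) for tokens issued
    session_age seconds after login. All arguments are in seconds."""
    remaining = max(max_lifespan - session_age, 0)
    return min(access_lifespan, remaining), min(idle, remaining)


def session_findings(settings):
    """Report every Idle/Max pair where Max is not greater than Idle.
    `settings` maps the labels used in the answer above to seconds."""
    findings = []
    for scope in ("SSO Session", "Client Session"):
        idle = settings.get(f"{scope} Idle")
        maximum = settings.get(f"{scope} Max")
        if idle is None or maximum is None:
            continue  # pair not supplied, nothing to compare
        if maximum <= idle:
            findings.append(f"{scope} Max ({maximum}s) is not greater than "
                            f"{scope} Idle ({idle}s)")
    return findings


# Constructed sample settings. Max = 600 is assumed for the question's realm;
# 36000 is an arbitrary larger value for comparison.
AS_ASKED = {"SSO Session Idle": 600, "SSO Session Max": 600}
ADJUSTED = {"SSO Session Idle": 600, "SSO Session Max": 36000}

if __name__ == "__main__":
    for name, cfg in (("as asked", AS_ASKED), ("adjusted", ADJUSTED)):
        print(name, session_findings(cfg) or "no findings")
        for age in (0, 26, 485):  # seconds since login at each refresh
            expires_in, refresh_expires_in = token_lifetimes(
                age, 300, cfg["SSO Session Idle"], cfg["SSO Session Max"])
            print(f"  t={age:>3}s expires_in={expires_in} "
                  f"refresh_expires_in={refresh_expires_in}")
```

In this model a larger maximum is still an absolute bound: once the session age reaches it, both values drop to 0 and a new login is required.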