Hello, I’m studying keycloak and got into a strange situation when renewing an access token.
After authorization and receiving access and refresh tokens. The refresh token expiration time is specified as specified in the settings - 600 sec:
{
"access_token": "...",
"expires_in": 300,
"refresh_expires_in": 600,
"refresh_token": "...",
"token_type": "Bearer",
"not-before-policy": 0,
"session_state": "fd75aefd-5330-45a2-a21a-3e54a157d5c9",
"scope": "profile email"
}
but when i do refresh request, refresh token expiration time refresh_expires_in
is still countdown:
"expires_in": 300,
"refresh_expires_in": 574,
and when refresh_expires_in
becomes less than expires_in
new access token created already with lesser expiration time, eventually the tokens become invalid and refresh fails:
"expires_in": 115,
"refresh_expires_in": 115,
realm settings:
How can I make it so that when refreshing access token, the refresh token is also completely renewed with his expiration time?