Hello there.
My Keycloak is configured with:
SSO Session Idle = 30m
SSO Session Max = 30m
And my refresh token with the offline_access scope has an interesting lifetime:
- If the client is inactive for more than 30m, then when I use the refresh token to fetch a new access token, Keycloak's response is:
{
"error": "invalid_grant",
"error_description": "Session doesn't have required client"
}
- If the client does at least one authentication request within a 30m span, then Keycloak successfully provides me with a new access token and works fine until the previous scenario happens.
According to the documentation, a refresh token with the offline scope shouldn't be affected by any of the session idle/max settings.
Any ideas?
Keycloak version 14.0.0
The refresh token from Keycloak is the correct one:
{
"iat": 1640106070,
"jti": "{id}",
"iss": "{my keycloack}",
"aud": "{my keycloack}",
"sub": "{id}",
"typ": "Offline",
"azp": "{my client}",
"session_state": "{id}",
"scope": "openid offline_access"
}
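
A triage helper for the failure described in the post above, as an added example that is not part of the original post and is not Keycloak code. It decodes the refresh token's claims without verifying the signature and reports whether the token itself (typ, scope, exp) explains the invalid_grant, or whether the claims look fine and the refusal comes from the server side. The function names, result strings and sample token (built from the post's claims with a placeholder signature) are assumptions of this example.

```python
import base64
import json
import time
from typing import Optional


def jwt_claims(token: str) -> dict:
    """Decode a compact JWT's payload WITHOUT verifying it (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(body))


def triage_refresh_failure(token: str, response: dict,
                           now: Optional[float] = None) -> str:
    """Say whether the token's own claims explain a refused refresh."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    if response.get("error") != "invalid_grant":
        return "other: not an invalid_grant response"
    if claims.get("typ") != "Offline":
        return "token: typ is %r, not an offline token" % claims.get("typ")
    if "offline_access" not in claims.get("scope", "").split():
        return "token: offline_access scope missing"
    exp = claims.get("exp")
    # Assumption of this example: an absent exp (as in the post) or exp == 0
    # means the token carries no expiry of its own.
    if exp and exp <= now:
        return "token: expired at %d" % exp
    return "server: claims look fine; " + response.get("error_description", "")


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned-in-practice token for offline testing."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256"}), enc(claims), "placeholder-signature"])


# Constructed sample data, copied from the claims and error shown in the post.
SAMPLE_CLAIMS = {"iat": 1640106070, "typ": "Offline", "azp": "{my client}",
                 "scope": "openid offline_access"}
SAMPLE_ERROR = {"error": "invalid_grant",
                "error_description": "Session doesn't have required client"}

if __name__ == "__main__":
    token = make_sample_token(SAMPLE_CLAIMS)
    print(triage_refresh_failure(token, SAMPLE_ERROR, now=1640106070 + 3600))
```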