We have a Spring Boot application secured via Keycloak behind an nginx proxy. Keycloak is hosted as a two-host clustered standalone-ha environment.
Everything works as expected, but if the user is inactive for longer than the Client Session Max configuration (here 10 hours) and then starts any kind of request, the server redirects to /sso/login with a 403 error.
The Keycloak server logs the following entry:
WARN [org.keycloak.events] (default task-18283) type=REFRESH_TOKEN_ERROR, realmId=xxx, clientId=yyy, userId=null, ipAddress=XX.XX.XX.XX, error=invalid_token, grant_type=refresh_token, client_auth_method=client-secret
The spring boot application itself logs:
RefreshableKeycloakSecurityContext.refreshExpiredToken (124) - Refresh token failure status: 400 {"error":"invalid_grant","error_description":"Token is not active"}
Can you help out here?
Thanks!
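The two log lines in the question show the expected trace of a session that outlived Client Session Max: Keycloak records a REFRESH_TOKEN_ERROR event with error=invalid_token, and the adapter gets a 400 invalid_grant back. As an added example (not from the question, the Keycloak project, or the Spring adapter), the following Python parses Keycloak event-log lines of that shape into key/value fields, labels ordinary refresh-token expiry separately from other auth errors, and counts expiry events per source IP so that a burst from one address can be told apart from routine session timeouts. The log lines inside the block are constructed to match the format in the question; the IP addresses, thread ids and user ids are made up.

```python
import re
from collections import Counter

# Constructed sample lines in the format shown in the question (not real server output).
SAMPLE_LOG = """\
WARN [org.keycloak.events] (default task-18283) type=REFRESH_TOKEN_ERROR, realmId=xxx, clientId=yyy, userId=null, ipAddress=10.0.0.5, error=invalid_token, grant_type=refresh_token, client_auth_method=client-secret
WARN [org.keycloak.events] (default task-18290) type=REFRESH_TOKEN_ERROR, realmId=xxx, clientId=yyy, userId=null, ipAddress=10.0.0.5, error=invalid_token, grant_type=refresh_token, client_auth_method=client-secret
WARN [org.keycloak.events] (default task-18301) type=LOGIN_ERROR, realmId=xxx, clientId=yyy, userId=null, ipAddress=10.0.0.9, error=invalid_user_credentials
INFO [org.keycloak.events] (default task-18310) type=REFRESH_TOKEN, realmId=xxx, clientId=yyy, userId=abc, ipAddress=10.0.0.7
"""

# Matches "<LEVEL> [org.keycloak.events] (<thread>) key=value, key=value, ..."
EVENT_RE = re.compile(
    r'^(?P<level>\w+)\s+\[org\.keycloak\.events\]\s+\((?P<thread>[^)]*)\)\s+(?P<fields>.*)$'
)


def parse_event(line):
    """Return the event as a dict of fields, or None if the line is not a Keycloak event."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    fields = {'level': m.group('level'), 'thread': m.group('thread')}
    for part in m.group('fields').split(', '):
        if '=' in part:
            key, value = part.split('=', 1)
            fields[key.strip()] = value.strip()
    return fields


def classify(event):
    """Label an event: expired refresh token (the case in the question), other auth error, or ok."""
    if event is None:
        return 'unparsed'
    if (event.get('type') == 'REFRESH_TOKEN_ERROR'
            and event.get('error') == 'invalid_token'
            and event.get('grant_type') == 'refresh_token'):
        return 'expired_refresh_token'
    if event.get('type', '').endswith('_ERROR'):
        return 'other_auth_error'
    return 'ok'


def summarize(log_text):
    """Count events per label and count expired-refresh events per source IP."""
    counts = Counter()
    per_ip = Counter()
    for line in log_text.splitlines():
        event = parse_event(line)
        label = classify(event)
        counts[label] += 1
        if label == 'expired_refresh_token':
            per_ip[event.get('ipAddress', 'unknown')] += 1
    return counts, per_ip


def noisy_sources(per_ip, threshold):
    """IPs whose expired-refresh count reaches the threshold (a hypothetical review cutoff)."""
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)


if __name__ == '__main__':
    counts, per_ip = summarize(SAMPLE_LOG)
    print(dict(counts))
    print(dict(per_ip))
    print(noisy_sources(per_ip, threshold=2))
```

A single expired_refresh_token event per user after a long idle period is exactly what the question describes and needs no attention beyond a clean redirect to login; the per-IP counter is there so that the same event type arriving in volume from one source can be reviewed separately. The threshold value is an assumption to be tuned per deployment.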