I have a nodejs app with a react front end. I want that if a user doesn’t do anything in the browser for a while he must be logged out. So I set the SSO Idle Timeout to 1 minute, for trying. But it doesn’t seem to work. I log in to the app and just wait at the page, click on nothing, but even after more than 1 minute, when I refresh the page I am still logged in. How can I solve this?
Also I am leaving my express-session configuration in case it is related to it.
SSO Session Idle Timeout is the time that refresh_token has to refresh access_token. What is the configuration of access_token duration, in the option Access Token Lifespan?
And I think that you have to implement an idle in your application: after X time idle, your app has to log out the session.
Are you using the keycloak js library? I think that some things like that are resolved in the library.
Access Token Lifespan is 5 minutes and SSO Session Idle is 30 minutes. Yes I am using the official nodejs adapter. If I have to do it on the server-side, how can I do it?
Remember, when you lower the SSO Idle Session, you have to lower the access token lifespan. You have to renew the access token before the session idle is reached. Ex. SSO Idle Session is 1 minute, access token lifespan needs to be lower than.
For a full logout, you need the user to visit the logout endpoint (/user/logout). You could use a timeout to redirect them if there is no activity.
Hi, maybe there are some callback events of the keycloak adapter js that can help you to develop what you want; read the doc.
If you are using the react wrapper I recommend you read their doc too.
A solution would be to pass a callback when initializing the keycloak instance which sets a timeout function to calculate the expiration and execute logout.
I would also do the latter. It’s on my backlog, but because I regularly poll for data it’s non-trivial for my use case. I use the endpoint to sign users out of multiple browser sessions.
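
As an added example that is not part of the thread or of the Keycloak adapter: one way to enforce the idle timeout on the server is an Express-style middleware that records the last real user activity in the session and sends idle users to the logout endpoint, while ignoring background polling so that polls do not keep the session alive. It assumes `req.session` is provided by express-session; `isLoggedIn`, `passivePaths`, `/api/poll` and the mock request/response objects are hypothetical, and `/user/logout` is the route named above.

```javascript
// Added example, not from the thread. Assumptions: req.session comes from
// express-session; isLoggedIn and passivePaths are hypothetical names;
// '/user/logout' is the logout route mentioned in the thread.
function idleTimeout({ maxIdleMs, logoutPath = '/user/logout', passivePaths = [],
                       isLoggedIn = (req) => Boolean(req.session && req.session.user),
                       now = Date.now }) {
  return function idleTimeoutMiddleware(req, res, next) {
    // Skip anonymous requests, and the logout route itself (avoids a redirect loop).
    if (!isLoggedIn(req) || req.path === logoutPath) return next();
    const session = req.session;
    const t = now();
    const passive = passivePaths.includes(req.path);
    // First authenticated request sets the baseline, even if it is a poll.
    if (typeof session.lastActivity !== 'number') session.lastActivity = t;
    if (t - session.lastActivity > maxIdleMs) {
      // Idle too long: polls get a 401, page loads are sent to the full logout.
      if (passive) return res.status(401).end();
      return res.redirect(logoutPath);
    }
    // Background polling must not count as user activity; otherwise the
    // idle timer is reset forever while the tab stays open.
    if (!passive) session.lastActivity = t;
    return next();
  };
}

// Constructed timeline (mock req/res, fake clock) showing the behaviour.
function simulate() {
  let clock = 0;
  const session = { user: 'alice' };
  const mw = idleTimeout({ maxIdleMs: 60000, passivePaths: ['/api/poll'], now: () => clock });
  const hit = (path, atMs) => {
    clock = atMs;
    let outcome = 'next';
    const res = {
      status(code) { outcome = String(code); return this; },
      end() {},
      redirect(to) { outcome = 'redirect:' + to; },
    };
    mw({ path, session }, res, () => {});
    return outcome;
  };
  return [
    hit('/dashboard', 0),      // user activity, timer starts
    hit('/api/poll', 30000),   // poll passes but does not reset the timer
    hit('/api/poll', 59000),
    hit('/api/poll', 61000),   // 61 s since last real activity: 401
    hit('/dashboard', 62000),  // page load: redirected to logout
  ];
}
```

Mount the middleware after express-session and before the protected routes. The logout handler should destroy the session so that a stale `lastActivity` does not carry over into the next login.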