I’m integrating Keycloak for authentication in my API and encountered an issue with token expiration. I have set the access token to expire after 1 minute. However, when I use a valid refresh token to request a new access token, the new access token seems to inherit the expiration time of the previous token rather than starting with a fresh 1-minute validity. This results in the newly issued access token expiring almost immediately upon issuance, rendering it unusable.
I expected the refreshed access token to have a complete 1-minute lifespan from the moment it’s generated, independently of the previous token’s expiry time. Is there a configuration setting or behavior in Keycloak that controls this? How can I ensure that each refreshed access token has a full validity period, regardless of when it’s issued?