Refresh Token Validity
61 views
Skip to first unread message
Prakash Thapa
Jul 18, 2025, 7:32:56 AMJul 18
to CAS Community
I am using OIDC in CAS 5.2.2. The validity for Refresh Token is set as below:
cas.authn.oauth.refreshToken.timeToKillInSeconds=2592000
However, the Refresh Token is expired at around 1.5 to 2 hrs and is removed from CAS ticker registry(Redis in my case) and my client application is not able to pull Access Token/ID_Token using this refresh token.
cas.authn.oauth.refreshToken.timeToKillInSeconds=2592000
However, the Refresh Token is expired at around 1.5 to 2 hrs and is removed from CAS ticker registry(Redis in my case) and my client application is not able to pull Access Token/ID_Token using this refresh token.
Prakash Thapa
Aug 21, 2025, 9:53:42 AMAug 21
to CAS Community, Prakash Thapa
I checked the Redis from cli and the TTL was set as per the config as shared above. But the Refresh Token was considered invalid before that time because the TGT through which this Refresh Token generation was initiated was already invalidated due to idle timeout.
Reply all
Reply to author
Forward
0 new messages