Expiry time of the new refresh token remains same as old refresh token

[sreenivasu nampelli]

Hi Everyone,

When I try to refresh the token each time, am getting the new refresh token. But the expiry time of the new refresh token is not changing. Can you please let me know why the expiry time is not changing?

Here is the rest API and the payload that I tried with

POST <host>:<port>/auth/realms/<realm>/protocol/openid-connect/token

client_id=<client_id>&grant_type=refresh_token&redirect_uri=<redirect_uri>&refresh_token=<refresh token>

Thanks

Sreeni

[Tewaraj Tamil]

Oh wow can't believe I am not the only one having this issue. Hope we get the answer to understand more on this issue

[Tom Billiet]

Have you looked at the "SSO session max" parameter?

If I'm not mistaken: The "SSO Session idle" should be the expiry time of the refresh token, but you can't extend it beyond the "SSO session max" timeout. So if they're the same, you would probably get this behavior.

Best regards,

Tom

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/3e65b0e2-1d37-46d2-8afa-d5b48b84f1c2n%40googlegroups.com.

[sreenivasu nampelli]

Thank you Tom. Yes. The issue is because of the value set to SSO session max is same as SSO session idle. After changing the SSO session max as higher value (ex:1 day) than SSO session idle time, then the refresh token's expiry time is changing properly.