[
https://issues.apache.org/jira/browse/AIRAVATA-2647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16334626#comment-16334626
]
Marcus Christie commented on AIRAVATA-2647:
-------------------------------------------
What configuration option affects the refresh token lifetime?
*SSO Session Idle Timeout*
{quote}The difference between a classic Refresh token and an Offline token is,
that an offline token will never expire and is not subject of SSO Session Idle
timeout . The offline token is valid even after a user logout or server
restart. However by default you do need to use the offline token for a refresh
token action at least once per 30 days (this value, Offline Session Idle
timeout, can be changed in the administration console in the Tokens tab under
Realm Settings). Also if you enable the option Revoke refresh tokens, then each
offline token can be used just once. So after refresh, you always need to store
the new offline token from refresh response into your DB instead of the
previous one.
{quote}
from [Server Admin, 13.4 Offline
Access]([http://www.keycloak.org/docs/latest/server_admin/index.html#_offline-access])
This is currently defaulted to 60 minutes in Keycloak.
Keycloak also has a notion of an offline_access style refresh token.
> Refresh token when access token is expired
> ------------------------------------------
>
> Key: AIRAVATA-2647
> URL: https://issues.apache.org/jira/browse/AIRAVATA-2647
> Project: Airavata
> Issue Type: Sub-task
> Reporter: Marcus Christie
> Assignee: Marcus Christie
> Priority: Major
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
