SSO session and Access token lifespan #235

Open
natbronislavska opened this issue Apr 11, 2024 · 1 comment
Comments

@natbronislavska

Hello,

I've noticed that lifespan settings in example keycloak realms (like here: https://github.com/strimzi/strimzi-kafka-oauth/blob/main/examples/docker/keycloak/realms/demo-realm.json) are set to very high values.

Is there any reason behind the choice for those values? Are those recommended settings?

@mstruk (Contributor) commented Apr 12, 2024

These examples are not for production setup and should not be considered as best practice in any way.
There is a tradeoff between token lifetime and the load on the authorization server. A token lifetime shorter than 5 minutes, for example, may be too much unnecessary load.
The token lifetime should be considered in combination with the authorizer used. For example, the KeycloakAuthorizer periodically refreshes grants from Keycloak which means one can remove access by removing permissions from the user, even if the token itself is still valid.
For the example specifically, I use it sometimes to remote debug using breakpoints and short token lifetimes are disruptive to the debugging flow.
