Negative token expiration when changing client session max lifetime #24936
Comments
…eycloak#24936 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
I wrote a test to reproduce this but the test is passing. Is this still an issue? Did I miss a step in the test?
@douglaspalmer
@sschu I can reproduce it manually; I'll try to fix the test.
Due to the amount of issues reported by the community we are not able to prioritise resolving this issue at the moment. If you are affected by this issue, upvote it by adding a 👍 to the description. We would also welcome a contribution to fix the issue.
@sschu This might not be that trivial to fix and at the same time, it is a corner case. We don't prioritize this ATM within the Keycloak team. But a PR is welcome.
@mposolda I agree with the priority. I am not even sure what the expected behaviour here is. I would say shortening the session timespans should have a retroactive effect. This means Keycloak should just act as if the session is expired. This might also make it easier to fix this (just respond with an error if the expiration would be negative).
Check client session is valid in TokenManager Closes keycloak#24936 Signed-off-by: rmartinc <rmartinc@redhat.com>
Before reporting an issue
Area
oidc
Describe the bug
When adding a client session max limit, Keycloak will generate refresh and access tokens with negative token lifetime.
Version
22.0.5, nightly
Expected behavior
Keycloak creates a new client session and a new token with positive token expiration based on the client session settings.
Actual behavior
Keycloak uses the original start date of the first client session and calculates the expiry date based on the now reduced client session max.
How to Reproduce?
Anything else?
This is really a corner case, probably not that critical.
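The calculation described under "Actual behavior", together with a client-side check for the tokens it produces, as an added example that is not part of the issue or of Keycloak's code. `sample_response` is a hypothetical model of the described arithmetic, the response field names `expires_in` and `refresh_expires_in` are assumed, and the timestamps and unsigned tokens are constructed.

```python
import base64
import json

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unsigned_jwt(claims: dict) -> str:
    """Constructed, unsigned token used only as sample input."""
    header = _b64url(json.dumps({"alg": "none"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."

def jwt_claims(token: str) -> dict:
    """Decode the payload for inspection; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def sample_response(session_started: int, session_max: int, now: int) -> dict:
    """Hypothetical model: expiry = original session start + current max."""
    exp = session_started + session_max
    token = unsigned_jwt({"iat": now, "exp": exp})
    return {"access_token": token, "refresh_token": token,
            "expires_in": exp - now, "refresh_expires_in": exp - now}

def lifetime_problems(response: dict) -> list:
    """Return findings for tokens that were already expired when issued."""
    problems = []
    for field in ("expires_in", "refresh_expires_in"):
        value = response.get(field)
        # Assumption: 0 may mean "no expiry" on some servers, so only < 0 is flagged.
        if value is not None and value < 0:
            problems.append(f"{field}={value}")
    for name in ("access_token", "refresh_token"):
        token = response.get(name)
        if not token:
            continue
        claims = jwt_claims(token)
        if "exp" in claims and "iat" in claims and claims["exp"] <= claims["iat"]:
            problems.append(f"{name}: exp <= iat")
    return problems

if __name__ == "__main__":
    # Constructed case: session started an hour ago, max then reduced to 300 s.
    start = 1_700_000_000
    print(lifetime_problems(sample_response(start, 300, start + 3600)))
```

A relying party can run a check like `lifetime_problems` on each token response and treat any finding as an expired session that requires re-authentication.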