Keycloak Session and Token Timeout: Client login timeout


In simple terms, it is the time spent by the client to get an Access Token.

It is the maximum time the client has to finish the Authorization Code Flow. The steps involved in the Authorization Code Flow can be found in OIDC specs.

https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowSteps

  1. Client prepares an Authentication Request containing the desired request parameters.
  2. Client sends the request to the Authorization Server.
  3. Authorization Server Authenticates the End-User.
  4. Authorization Server obtains End-User Consent/Authorization.
  5. Authorization Server sends the End-User back to the Client with an Authorization Code.
  6. Client requests a response using the Authorization Code at the Token Endpoint.
  7. Client receives a response that contains an ID Token and Access Token in the response body.
  8. Client validates the ID token and retrieves the End-User's Subject Identifier.
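The failure mode behind the timeout, as an added example that is not part of the original answer and not Keycloak's code: a minimal authorization server that issues a code at step 5 and, at the token endpoint (steps 6 and 7), rejects it once more than the client login timeout has passed since issuance (Keycloak's default for this setting is 60 seconds). The client and subject names are constructed for the scenario.

```python
# Added example: model of Authorization Code Flow steps 5-7 with a
# "client login timeout" enforced on the code. Illustrative, not Keycloak code.
import secrets
from dataclasses import dataclass, field

# Keycloak's default for this setting is 60 s (realm export key: accessCodeLifespan).
CLIENT_LOGIN_TIMEOUT = 60


@dataclass
class AuthCode:
    client_id: str
    subject: str
    issued_at: float       # seconds; injected by the caller so the example is deterministic
    used: bool = False


@dataclass
class AuthorizationServer:
    timeout: int = CLIENT_LOGIN_TIMEOUT
    codes: dict = field(default_factory=dict)

    def issue_code(self, client_id: str, subject: str, now: float) -> str:
        """Step 5: user has authenticated and consented; redirect back with a one-time code."""
        code = secrets.token_urlsafe(24)
        self.codes[code] = AuthCode(client_id, subject, now)
        return code

    def exchange_code(self, code: str, client_id: str, now: float) -> dict:
        """Steps 6-7: token endpoint. The code is single-use, bound to the client,
        and only valid for `timeout` seconds after issuance."""
        entry = self.codes.get(code)
        if entry is None or entry.client_id != client_id:
            return {"error": "invalid_grant", "error_description": "unknown code or client mismatch"}
        if entry.used:
            return {"error": "invalid_grant", "error_description": "code already used"}
        if now - entry.issued_at > self.timeout:
            return {"error": "invalid_grant",
                    "error_description": f"client login timeout of {self.timeout}s exceeded"}
        entry.used = True
        return {"token_type": "Bearer", "access_token": secrets.token_urlsafe(32),
                "id_token_sub": entry.subject}


def simulate(delay_seconds: float, timeout: int = CLIENT_LOGIN_TIMEOUT) -> dict:
    """Issue a code at t=0 and exchange it `delay_seconds` later (constructed scenario)."""
    server = AuthorizationServer(timeout=timeout)
    code = server.issue_code("my-webapp", "user-123", now=0.0)
    return server.exchange_code(code, "my-webapp", now=delay_seconds)
```

Calling `simulate(5)` returns tokens, while `simulate(90)` returns `invalid_grant`: the user's time on the login form is not what this window measures, only the gap between the redirect with the code and the client's token request.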
Author: CodingYourLife

I'm a passionate software developer. Very diversified like Blockchain, Web, Cloud/Backend, Automatic Testing, Machine Learning. Founder and CEO of CodingYourLife e.U.

Updated on July 15, 2022

Comments

  • CodingYourLife, almost 2 years ago

    We are currently verifying our Keycloak Session and Token timeout settings to rule out error potential. I think default configuration should do it for our use case.

    I think the only worrying value is "Client login timeout" which we've set to 1 minute (like in the screenshot of the documentation). Documentation here states: Client login is the maximum time that a client has to finish the Authorization Code Flow in OIDC.

    I read it but I don't understand it... I guess the documentation copy-pasted this from the Red Hat documentation here (or vice versa), but there is no detailed explanation there either.

    So my question really is: What is "client login timeout" and what would be a good default for it? A perfect answer for me would just describe the workflow from a user perspective when it fails (like the user drank a coffee for 1 minute before clicking the e-mail verification link, etc.) and/or a link to further reading.