Reputation: 1
What is Lifespan value for ID Token?
Currently in Keycloak, Access Token Lifespan is configurable and there is no way to configure lifespan for ID Token. How do I configure a lifespan value for ID Token?
Upvotes: 0
Views: 1007
Answers (2)
Reputation: 5122
Currently in Keycloak, lifespan for ID Token is the same as Access Token Lifespan.
Please refer to the code: https://github.com/keycloak/keycloak/blob/8.0.0/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java#L765
Upvotes: 1
Reputation: 51
Shouldn't be different ?
From Auth0 https://auth0.com/docs/tokens/id-tokens - ID Tokens are used in token-based authentication to cache user profile information and provide it to a client application, thereby providing better performance and experience. The application receives an ID Token after a user successfully authenticates, then consumes the ID Token and extracts user information from it, which it can then use to personalize the user's experience.
Here are some references which I could gather
https://auth0.com/docs/api-auth/why-use-access-tokens-to-secure-apis https://www.ory.sh/docs/hydra/configuration https://auth0.com/docs/dashboard/guides/applications/update-token-lifetime
Upvotes: 0
Related Questions
- Keycloak - How to request a token with a custom lifespan?
- Keycloak : Access token expiry time
- IdentityServer4 Refresh Token: How to determine expiration time?
- Unable to understand IdentityTokenLifetime and how long my JWT lasts
- How I can assign the lifetime of the token?
- how to set token expiration time on keycloak
- Loopback 4 - How long does the generated token expire? - ex: ToDo
- Id_token lifetime with respect to access_token lifetime (OpenID Connect)
- What is the max expiration time accepted by JWT tokens
- What is the expiry date time of the access token?