- Bug
- Resolution: Done
- Major
- 1.3.0
- 3
- False
- False
Description of problem:
After investigating this issue, it was discovered that when configuring Keycloak with RHDH, we need to:
- Set the Access Token Lifespan to >5 min (ideally 10 or 15 minutes) to fix the performance issue (unnecessary refresh token request sent for every API call).
- Enable the Revoke Refresh Token option to improve security so that the refresh token rotation strategy can be used.
The current instructions to set up the Keycloak instance as seen here should include these additional recommendations.
Additional info (Such as Logs, Screenshots, etc):
- is related to: RHIDP-4695 OIDC refresh token behavior (Closed)