feat(keycloak): set access token lifespan

Masaki Yatsu
2025-09-19 15:16:01 +09:00
parent f4a73377c3
commit 7bc24641d8
2 changed files with 9 additions and 0 deletions


@@ -233,6 +233,7 @@ create-client *args:
# client_direct_access_grants: Whether to enable direct access grants (true/false) # client_direct_access_grants: Whether to enable direct access grants (true/false)
# client_pkce_method: PKCE method ('S256', 'plain' or empty) # client_pkce_method: PKCE method ('S256', 'plain' or empty)
# post_logout_redirect_uris: Post logout redirect URIs (comma-separated input, converted to Keycloak ## format) # post_logout_redirect_uris: Post logout redirect URIs (comma-separated input, converted to Keycloak ## format)
# access_token_lifespan: Access token lifespan in seconds
set -euo pipefail set -euo pipefail
export KEYCLOAK_ADMIN_USER=$(just admin-username) export KEYCLOAK_ADMIN_USER=$(just admin-username)
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password) export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
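Review bot: The new `access_token_lifespan` comment gives the unit but, unlike the `client_pkce_method` line above it, does not say that the value may be left empty or what happens then. Judging by the script change in this commit, an empty value means the client attribute is not set at all, so I would spell that out, e.g. `# access_token_lifespan: Access token lifespan in seconds (positive integer; empty = attribute not set)`. The recipe body continues outside this hunk, so how the value reaches `KEYCLOAK_ACCESS_TOKEN_LIFESPAN` is not visible here.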


@@ -29,6 +29,7 @@ const main = async () => {
const directAccessGrants = process.env.KEYCLOAK_CLIENT_DIRECT_ACCESS_GRANTS; const directAccessGrants = process.env.KEYCLOAK_CLIENT_DIRECT_ACCESS_GRANTS;
const pkceMethod = process.env.KEYCLOAK_CLIENT_PKCE_METHOD; const pkceMethod = process.env.KEYCLOAK_CLIENT_PKCE_METHOD;
const postLogoutRedirectUris = process.env.KEYCLOAK_POST_LOGOUT_REDIRECT_URIS; const postLogoutRedirectUris = process.env.KEYCLOAK_POST_LOGOUT_REDIRECT_URIS;
const accessTokenLifespan = process.env.KEYCLOAK_ACCESS_TOKEN_LIFESPAN;
const kcAdminClient = new KcAdminClient({ const kcAdminClient = new KcAdminClient({
baseUrl: `https://${keycloakHost}`, baseUrl: `https://${keycloakHost}`,
@@ -96,6 +97,13 @@ const main = async () => {
console.log(`Setting Post Logout Redirect URIs: ${postLogoutUris.join(', ')}`); console.log(`Setting Post Logout Redirect URIs: ${postLogoutUris.join(', ')}`);
} }
// Add access token lifespan if provided
if (accessTokenLifespan && accessTokenLifespan !== '') {
clientConfig.attributes = clientConfig.attributes || {};
clientConfig.attributes['access.token.lifespan'] = accessTokenLifespan;
console.log(`Setting Access Token Lifespan: ${accessTokenLifespan} seconds`);
}
if (directAccessGrants === 'true') { if (directAccessGrants === 'true') {
console.log('Enabling Direct Access Grants (Resource Owner Password Credentials)'); console.log('Enabling Direct Access Grants (Resource Owner Password Credentials)');
} }
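Review bot: The value of `KEYCLOAK_ACCESS_TOKEN_LIFESPAN` is copied into `clientConfig.attributes['access.token.lifespan']` with no check that it is a positive whole number of seconds, so a typo such as `30m` or an unintentionally huge value is sent to Keycloak as-is. Because the access token lifespan bounds how long a leaked token stays usable, I would fail fast before the assignment, e.g. `if (!/^[1-9]\d*$/.test(accessTokenLifespan)) throw new Error('KEYCLOAK_ACCESS_TOKEN_LIFESPAN must be a positive integer (seconds)');`, and consider logging a warning when the value exceeds an operator-chosen ceiling. The `&& accessTokenLifespan !== ''` half of the condition is redundant, since an empty string is already falsy. `main` starts and ends outside this hunk, so how an error thrown at this point is handled is not visible here.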