feat(keycloak): set access/refresh token lifespan

Masaki Yatsu
2025-08-31 16:28:32 +09:00
parent f529223c56
commit ddf867d1f1
4 changed files with 216 additions and 2 deletions


@@ -14,6 +14,12 @@ const main = async () => {
const realmName = process.env.KEYCLOAK_REALM;
invariant(realmName, "KEYCLOAK_REALM environment variable is required");
// Token lifespan settings (with defaults suitable for JupyterHub)
const accessTokenLifespan = parseInt(process.env.ACCESS_TOKEN_LIFESPAN || "3600"); // 1 hour
const refreshTokenLifespan = parseInt(process.env.REFRESH_TOKEN_LIFESPAN || "14400"); // 4 hours - changed from 30min
const ssoSessionMaxLifespan = parseInt(process.env.SSO_SESSION_MAX_LIFESPAN || refreshTokenLifespan.toString()); // Use refreshTokenLifespan
const ssoSessionIdleTimeout = parseInt(process.env.SSO_SESSION_IDLE_TIMEOUT || "7200"); // 2 hours
const kcAdminClient = new KcAdminClient({
baseUrl: `https://${keycloakHost}`,
realmName: "master",
@@ -38,8 +44,25 @@ const main = async () => {
await kcAdminClient.realms.create({
realm: realmName,
enabled: true,
// Token lifespan settings
accessTokenLifespan: accessTokenLifespan,
accessTokenLifespanForImplicitFlow: accessTokenLifespan,
ssoSessionMaxLifespan: ssoSessionMaxLifespan,
ssoSessionIdleTimeout: Math.min(ssoSessionMaxLifespan, ssoSessionIdleTimeout),
// Refresh token settings
refreshTokenMaxReuse: 0,
// Offline session settings
offlineSessionMaxLifespan: ssoSessionMaxLifespan * 2,
offlineSessionMaxLifespanEnabled: true,
// Client session settings
clientSessionMaxLifespan: accessTokenLifespan,
clientSessionIdleTimeout: Math.min(accessTokenLifespan, ssoSessionIdleTimeout),
});
console.log(`Realm '${realmName}' created successfully.`);
console.log(`Realm '${realmName}' created successfully with token settings:`);
console.log(` - Access Token Lifespan: ${accessTokenLifespan} seconds (${accessTokenLifespan/60} minutes)`);
console.log(` - Refresh Token Lifespan: ${refreshTokenLifespan} seconds (${refreshTokenLifespan/60} minutes)`);
console.log(` - SSO Session Max: ${ssoSessionMaxLifespan} seconds (${ssoSessionMaxLifespan/60} minutes)`);
console.log(` - SSO Session Idle: ${ssoSessionIdleTimeout} seconds (${ssoSessionIdleTimeout/60} minutes)`);
} catch (error) {
console.error("An error occurred:", error);
// eslint-disable-next-line unicorn/no-process-exit
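Review bot: The lifespans read at the top of `main` go through `parseInt` with no radix and no range check, so `ACCESS_TOKEN_LIFESPAN=1h` becomes 1 and an unparsable value becomes `NaN`, which is then handed to `realms.create` (NaN serialises as `null` in JSON, so the realm would presumably fall back to server defaults while the log prints `NaN`); a small helper that parses with radix 10 and fails through `invariant` on anything but a positive integer would stop this before the realm exists. `refreshTokenLifespan` is never sent to Keycloak, only logged and used as the default for `ssoSessionMaxLifespan`, and as far as I know `clientSessionMaxLifespan: accessTokenLifespan` bounds refresh tokens to the access-token lifetime, so the logged "Refresh Token Lifespan" may not match what the realm enforces; this is worth confirming against the Keycloak version in use. `refreshTokenMaxReuse: 0` only has an effect when `revokeRefreshToken: true` is also set, which is not among the visible lines. `main` starts and ends outside these hunks.

```javascript
// Parse a positive whole number of seconds from the environment, or fail fast.
const readSeconds = (name, fallback) => {
  const raw = (process.env[name] || String(fallback)).trim();
  const seconds = Number.parseInt(raw, 10);
  invariant(
    Number.isInteger(seconds) && seconds > 0 && String(seconds) === raw,
    `${name} must be a positive integer number of seconds`,
  );
  return seconds;
};
const accessTokenLifespan = readSeconds("ACCESS_TOKEN_LIFESPAN", 3600); // 1 hour
const refreshTokenLifespan = readSeconds("REFRESH_TOKEN_LIFESPAN", 14400); // 4 hours
const ssoSessionMaxLifespan = readSeconds("SSO_SESSION_MAX_LIFESPAN", refreshTokenLifespan);
const ssoSessionIdleTimeout = readSeconds("SSO_SESSION_IDLE_TIMEOUT", 7200); // 2 hours
// … unchanged: KcAdminClient construction and realms.create call …
```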