baschno/buun-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cf2d94dfdd59d9de41efde92d211673ce0f666cb
buun-stack/keycloak/scripts/update-realm-token-settings.ts
Masaki Yatsu 82f90f621b chore(keycloak): code cleanup
2025-10-29 15:33:20 +09:00

88 lines
3.2 KiB
TypeScript
Raw Blame History

#!/usr/bin/env tsx
import KcAdminClient from "@keycloak/keycloak-admin-client";
import invariant from "tiny-invariant";
const main = async () => {
const keycloakHost = process.env.KEYCLOAK_HOST;
const adminUser = process.env.KEYCLOAK_ADMIN_USER;
const adminPassword = process.env.KEYCLOAK_ADMIN_PASSWORD;
const realm = process.env.KEYCLOAK_REALM;
const accessTokenLifespan = parseInt(process.env.ACCESS_TOKEN_LIFESPAN || "3600");
const refreshTokenLifespan = parseInt(process.env.REFRESH_TOKEN_LIFESPAN || "1800");
invariant(keycloakHost, "KEYCLOAK_HOST is required");
invariant(adminUser, "KEYCLOAK_ADMIN_USER is required");
invariant(adminPassword, "KEYCLOAK_ADMIN_PASSWORD is required");
invariant(realm, "KEYCLOAK_REALM is required");
console.log(`Updating token settings for realm: ${realm}`);
console.log(
`Access token lifespan: ${accessTokenLifespan} seconds (${accessTokenLifespan / 60} minutes)`
);
console.log(
`Refresh token lifespan: ${refreshTokenLifespan} seconds (${refreshTokenLifespan / 60} minutes)`
);
const kcAdminClient = new KcAdminClient({
baseUrl: `https://${keycloakHost}`,
realmName: "master",
});
try {
await kcAdminClient.auth({
username: adminUser,
password: adminPassword,
grantType: "password",
clientId: "admin-cli",
});
console.log("✓ Authenticated with Keycloak admin");
kcAdminClient.setConfig({ realmName: realm });
const currentRealm = await kcAdminClient.realms.findOne({ realm });
if (!currentRealm) {
throw new Error(`Realm ${realm} not found`);
}
console.log(`Current settings:`);
console.log(` - Access token lifespan: ${currentRealm.accessTokenLifespan} seconds`);
console.log(` - Refresh token lifespan: ${currentRealm.ssoSessionMaxLifespan} seconds`);
console.log(` - SSO session idle: ${currentRealm.ssoSessionIdleTimeout} seconds`);
await kcAdminClient.realms.update(
{ realm },
{
...currentRealm,
// Access token settings
accessTokenLifespan: accessTokenLifespan,
accessTokenLifespanForImplicitFlow: accessTokenLifespan,
// Refresh token settings
refreshTokenMaxReuse: 0,
ssoSessionMaxLifespan: refreshTokenLifespan,
ssoSessionIdleTimeout: Math.min(refreshTokenLifespan, 1800), // Max 30 minutes idle
// Other token settings
offlineSessionMaxLifespan: refreshTokenLifespan * 2,
offlineSessionMaxLifespanEnabled: true,
// Client session settings
clientSessionMaxLifespan: accessTokenLifespan,
clientSessionIdleTimeout: Math.min(accessTokenLifespan, 1800),
}
);
console.log("✓ Realm token settings updated successfully");
const updatedRealm = await kcAdminClient.realms.findOne({ realm });
console.log(`Updated settings:`);
console.log(` - Access token lifespan: ${updatedRealm?.accessTokenLifespan} seconds`);
console.log(` - Refresh token lifespan: ${updatedRealm?.ssoSessionMaxLifespan} seconds`);
console.log(` - SSO session idle: ${updatedRealm?.ssoSessionIdleTimeout} seconds`);
} catch (error) {
console.error("✗ Failed to update realm token settings:", error);
process.exit(1);
}
};
main().catch(console.error);
Reference in New Issue View Git Blame Copy Permalink