Skip to content

Commit

Permalink
fix: set the offline session to seven days
Browse files Browse the repository at this point in the history
  • Loading branch information
ElderMatt committed May 3, 2024
1 parent 923eb14 commit e7a7606
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
7 changes: 7 additions & 0 deletions src/tasks/keycloak/keycloak.ts
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,8 @@ import {
KEYCLOAK_ADMIN,
KEYCLOAK_ADMIN_PASSWORD,
KEYCLOAK_REALM,
KEYCLOAK_TOKEN_OFFLINE_MAX_TTL_ENABLED,
KEYCLOAK_TOKEN_OFFLINE_TTL,
KEYCLOAK_TOKEN_TTL,
WAIT_OPTIONS,
} from '../../validators'
Expand All @@ -58,6 +60,8 @@ const env = cleanEnv({
KEYCLOAK_ADDRESS_INTERNAL,
KEYCLOAK_REALM,
KEYCLOAK_TOKEN_TTL,
KEYCLOAK_TOKEN_OFFLINE_TTL,
KEYCLOAK_TOKEN_OFFLINE_MAX_TTL_ENABLED,
FEAT_EXTERNAL_IDP,
WAIT_OPTIONS,
})
Expand Down Expand Up @@ -110,6 +114,9 @@ async function main(): Promise<void> {
realmConf.ssoSessionMaxLifespan = env.KEYCLOAK_TOKEN_TTL
realmConf.accessTokenLifespan = env.KEYCLOAK_TOKEN_TTL
realmConf.accessTokenLifespanForImplicitFlow = env.KEYCLOAK_TOKEN_TTL
realmConf.offlineSessionMaxLifespanEnabled = env.KEYCLOAK_TOKEN_OFFLINE_MAX_TTL_ENABLED
realmConf.offlineSessionIdleTimeout = env.KEYCLOAK_TOKEN_OFFLINE_TTL
realmConf.offlineSessionMaxLifespan = env.KEYCLOAK_TOKEN_OFFLINE_TTL
// the api does not offer a list method, and trying to get by id throws an error
// which we wan to discard, so we run the next command with an empty errors array
const existingRealm = (await doApiCall([], `Getting realm ${keycloakRealm}`, () =>
Expand Down
8 changes: 8 additions & 0 deletions src/validators.ts
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,14 @@ export const KEYCLOAK_TOKEN_TTL = num({
desc: 'The Keycloak access token TTL in seconds, 28800 seconds = 8 hours',
default: 28800,
})
export const KEYCLOAK_TOKEN_OFFLINE_TTL = num({
desc: 'The Keycloak offline access token TTL in seconds, 604800 seconds = 7 days',
default: 604800,
})
export const KEYCLOAK_TOKEN_OFFLINE_MAX_TTL_ENABLED = bool({
desc: 'Allows the Keycloak access token TTL to have max limit for offline use',
default: false,
})
export const NODE_EXTRA_CA_CERTS = str({ default: undefined })
export const NODE_TLS_REJECT_UNAUTHORIZED = bool({ default: true })
export const OIDC_CLIENT_SECRET = str({ desc: 'The OIDC client secret used by keycloak to access the IDP' })
Expand Down

0 comments on commit e7a7606

Please sign in to comment.