From 080bdd318c18e90703ce10bb155d16f3747fc0e9 Mon Sep 17 00:00:00 2001 From: mposolda Date: Thu, 9 Jun 2016 19:38:33 +0200 Subject: [PATCH] KEYCLOAK-2028 : Docs for new adapter option minimum-token-time-to-live --- topics/oidc/java/java-adapter-config.adoc | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/topics/oidc/java/java-adapter-config.adoc b/topics/oidc/java/java-adapter-config.adoc index d30347cf66..8fcad0d57b 100644 --- a/topics/oidc/java/java-adapter-config.adoc +++ b/topics/oidc/java/java-adapter-config.adoc @@ -31,7 +31,8 @@ This is what one might look like: "truststore-password" : "geheim", "client-keystore" : "path/to/client-keystore.jks", "client-keystore-password" : "geheim", - "client-key-password" : "geheim" + "client-key-password" : "geheim", + "token-minimum-time-to-live" : 10 } ---- @@ -190,3 +191,9 @@ principal-attribute:: turn-off-change-session-id-on-login:: The session id is changed by default on a successful login on some platforms to plug a security attack vector. Change this to true if you want to turn this off This is _OPTIONAL_. The default value is _false_. + +token-minimum-time-to-live:: + Amount of time, in seconds, to preemptively refresh an active access token with the {{book.project.name}} server before it expires. + This is especially useful when the access token is sent to another REST client where it could expire before being evaluated. + This value should never exceed the realm's access token lifespan. + This is _OPTIONAL_. The default value is `0` seconds, so adapter will refresh access token just if it's expired.