lcrilly
commented
2 years ago Hello. If I understand you correctly, you wish to control the expiration time of the id_token (JWT). This is part of your IdP configuration, not part of the NGINX Plus configuration.
Reducing the timeout= parameter of the keyval zone for oidc_id_tokens will cause NGINX Plus to 'forget' about the token but typically the IdP issues a cookie that will silently re-authenticate the user when this happens.
Hi When we use this OIDC, we found the oidc will become timeout, but we can not change the Expiration time neither know when it become expire. We set something like this: keyval_zone zone=oidc_id_tokens:1M state=/var/log/nginx/oidc_id_tokens.json timeout=1h sync; keyval_zone zone=refresh_tokens:1M state=/var/log/nginx/refresh_tokens.json timeout=1h sync; But it doesn't work. It would helpful if someone could tell me how to set the Expiration time.