p2-inc / keycloak-orgs

Single realm, multi-tenancy for SaaS apps

Access token lifespan by Tenant level #66

Closed santosmken closed 1 year ago

santosmken commented 1 year ago

Hi all,

I just have a question about the extension: is there any possibility to have an access token lifespan at the tenant level? Right now with Keycloak, the access token lifespan can be configured by Realm (stored in the realm table's own column) and at Client level (stored in the client_attribute table as a string). I'm not sure if creating a new token endpoint is the correct way, or maybe extending the TokenManager.

Any inputs are appreciated. Thank you.

xgp commented 1 year ago

Hi @santosmken Thanks for the question. This extension doesn't support access token lifespan at the tenant/organization level. We have looked into the possibility, but the customization required is difficult, given that this functionality is not easily replaced inside Keycloak. Happy to accept PRs or concrete designs in this regard, but we don't have plans to add that feature.

santosmken commented 1 year ago

Thank you for your response @xgp. With the current setup of the extension, if the client (application) belongs to many tenants, they will always get the same access token lifespan by realm or client level from Keycloak, correct?

xgp commented 1 year ago

Correct.