GET: http://localhost:8080/auth/realms/xyz-realm-name/protocol/openid-connect/userinfo
{
    "sub": "fe6122f1-1d56-4b4c-87ad-d3ad928d63cc",
    "email_verified": true,
    "name": "demo user",
    "preferred_username": "demo",
    "given_name": "demo",
    "family_name": "user",
    "enabled": true
}

8. Session and token timeouts

The OpenSRP client app kicks a user out when the refresh token expires. As a consequence, you have to log in while online to access the app or for sync to happen in the background. Therefore, it is recommended to set your OpenSRP applications' refresh and access tokens to 14 days and 1 day respectively.

You can change the access token and refresh token values either on the Tokens tab of the Realm settings or in the Advanced Settings section of the Client's settings page.

To change the access token value, go to Clients > Choose the client > Settings Tab > Expand Advanced Settings > Change Access Token Lifespan to 1. Ensure that the value is in Days.

Navigation to Clients settings


The refresh token timeout is determined as the lowest of SSO Session Max (Realm setting), SSO Session Idle (Realm setting), Client Session Max (Client setting) and Client Session Idle (Client setting). In our case we have to ensure that at least one of the values is 14 days. The rest should be the same or higher.


The refresh token timeout is returned, in seconds, in the field refresh_expires_in of the response from the fetch token endpoint {keycloak_url}/auth/realms/opensrp/protocol/openid-connect/token.
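
The check below is an added example, not part of the original OpenSRP documentation: it computes the effective refresh token timeout as the lowest of the four session settings and compares the expires_in and refresh_expires_in fields of a token response with the recommended 1 day and 14 days. The function names, the 60-second tolerance, the sample response and the treatment of a client-level value of 0 as "not set" are assumptions.

```python
import json

DAY = 24 * 60 * 60
ACCESS_TARGET = 1 * DAY      # recommended access token lifespan
REFRESH_TARGET = 14 * DAY    # recommended refresh token lifespan


def effective_refresh_lifetime(sso_idle, sso_max, client_idle=0, client_max=0):
    """Lowest of the four session settings, in seconds.

    Assumption: a client-level value of 0 means "not set" and is skipped.
    """
    candidates = [sso_idle, sso_max]
    candidates += [v for v in (client_idle, client_max) if v > 0]
    return min(candidates)


def check_token_response(body, tolerance=60):
    """Compare a token endpoint JSON response with the recommended values."""
    data = json.loads(body)
    findings = []
    for field, target in (("expires_in", ACCESS_TARGET),
                          ("refresh_expires_in", REFRESH_TARGET)):
        got = data.get(field)
        if not isinstance(got, int):
            findings.append(f"{field}: missing or not an integer")
        elif abs(got - target) > tolerance:
            findings.append(f"{field}: {got}s, expected about {target}s")
    return findings


# Constructed response from a fresh login: SSO Session Idle was left at
# 30 minutes, so the refresh token expires after 1800 s despite a 14-day max.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "<constructed>",
    "expires_in": 86400,
    "refresh_token": "<constructed>",
    "refresh_expires_in": 1800,
    "token_type": "Bearer",
})

if __name__ == "__main__":
    print(effective_refresh_lifetime(sso_idle=30 * 60, sso_max=14 * DAY))
    for finding in check_token_response(SAMPLE_RESPONSE):
        print(finding)
```

Run the comparison against a response obtained right after login, since refresh_expires_in reflects the time remaining in the session.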
