I'm using Keycloak and a Spring Boot API. My goal is to be able to use the Keycloak Admin REST API with a token that is generated only one time. I have enabled the service account, but the token expires after a few seconds. What can I do to generate a token that NEVER expires? (like on an OpenShift service account)
If it is not possible, how can I connect my Spring Boot service to the Keycloak instance? Do I need to generate a token each time, before each request?
curl --location --request POST 'http://localhost:8081/auth/realms/api/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=admin-cli' \
--data-urlencode 'client_secret=f8111a95-67dd-412e-9e04-cf044f0e0286'
Thanks for any information
CodePudding user response:
You could implement a little helper component that provides the token centrally, refreshing it automatically behind the scenes (if necessary). The response from Keycloak includes an expires_in property which holds the token expiry in seconds, and the token itself carries expiry information in the standard exp claim.
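A sketch of such a helper, added here as an example and not code from the answer or from Keycloak: it caches the client_credentials token and requests a new one shortly before expires_in elapses. The class name, the KEYCLOAK_CLIENT_SECRET environment variable and the regex-based field extraction (standing in for a JSON parser) are assumptions; it needs JDK 11+ and reuses the token URL and client id from the question.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.regex.*;

// Hypothetical helper: one shared instance hands out a cached token and renews it before expiry.
public class CachedTokenProvider {
    private static final Pattern TOKEN = Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"");
    private static final Pattern EXPIRES = Pattern.compile("\"expires_in\"\\s*:\\s*(\\d+)");
    private static final long SKEW_SECONDS = 10; // renew early to absorb clock skew and latency
    private final HttpClient http = HttpClient.newHttpClient();
    private final URI tokenUri;
    private final String form;
    private String token;
    private Instant renewAt = Instant.EPOCH;

    public CachedTokenProvider(String tokenUrl, String clientId, String clientSecret) {
        this.tokenUri = URI.create(tokenUrl);
        this.form = "grant_type=client_credentials&client_id=" + URLEncoder.encode(clientId, StandardCharsets.UTF_8)
                + "&client_secret=" + URLEncoder.encode(clientSecret, StandardCharsets.UTF_8);
    }

    // Returns the cached token; contacts Keycloak only when none is cached or it is about to expire.
    public synchronized String getToken() throws Exception {
        if (token == null || !Instant.now().isBefore(renewAt)) {
            HttpRequest req = HttpRequest.newBuilder(tokenUri)
                    .header("Content-Type", "application/x-www-form-urlencoded")
                    .POST(HttpRequest.BodyPublishers.ofString(form))
                    .build();
            HttpResponse<String> res = http.send(req, HttpResponse.BodyHandlers.ofString());
            Matcher t = TOKEN.matcher(res.body()), e = EXPIRES.matcher(res.body());
            if (res.statusCode() != 200 || !t.find() || !e.find()) {
                // Report only the status code; the response body and the secret stay out of logs.
                throw new IllegalStateException("Token request failed, HTTP " + res.statusCode());
            }
            token = t.group(1);
            long ttl = Long.parseLong(e.group(1));
            // For very short lifetimes fall back to half the TTL so the margin never goes negative.
            renewAt = Instant.now().plusSeconds(Math.max(ttl - SKEW_SECONDS, ttl / 2));
        }
        return token;
    }

    public static void main(String[] args) throws Exception {
        // The secret is read from the environment (variable name is an assumption), not hard-coded.
        String url = "http://localhost:8081/auth/realms/api/protocol/openid-connect/token";
        CachedTokenProvider p = new CachedTokenProvider(url, "admin-cli", System.getenv("KEYCLOAK_CLIENT_SECRET"));
        System.out.println("Bearer token length: " + p.getToken().length());
    }
}
```

In a Spring Boot service a single instance would be registered as a bean, and each Admin REST call would send getToken() as the Bearer value of its Authorization header.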
CodePudding user response:
Keycloak provides a Java-based admin client for this purpose. It handles authentication and token refresh for you.
The Maven coordinates are as follows:
<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-admin-client</artifactId>
    <version>15.0.2</version>
</dependency>
Sources are available on GitHub at https://github.com/keycloak/keycloak/tree/master/integration/admin-client
The entry point will be the Keycloak class; Javadocs can be found here.