[Feature] Offline_Access token 2fa keycloak #4494

suse-coder · 2025-04-24T11:24:31Z

suse-coder
Apr 24, 2025

Is your feature request related to a problem? Please describe.
How is it possible to have long lived access with 2fa for element chat, so that the user does not have to relogin for a year with his 2fa when he does not change his device and the time is below one year.

Describe the solution you'd like
In keycloak i dont want to change the active_session token to 1 year, but there exist a offline_access scope which could work. Is this currently supported by mas?

Answered by suse-coder

May 2, 2025

As I now know one can also for the client just make the session_idle and session_max in keycloak longer, so all fine

View full answer

sandhose · 2025-05-02T08:43:41Z

sandhose
May 2, 2025
Maintainer

I don't think I understand what you want. Once you logged in, the access you got from the MAS side has nothing to so with the token from Keycloak, it has its own lifecycle, and MAS will not contact keycloak after the initial login

1 reply

suse-coder May 2, 2025
Author

As I now know one can also for the client just make the session_idle and session_max in keycloak longer, so all fine

Answer selected by suse-coder

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Feature] Offline_Access token 2fa keycloak #4494

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

[Feature] Offline_Access token 2fa keycloak #4494

Uh oh!

suse-coder Apr 24, 2025

Replies: 1 comment · 1 reply

Uh oh!

sandhose May 2, 2025 Maintainer

Uh oh!

suse-coder May 2, 2025 Author

suse-coder
Apr 24, 2025

Replies: 1 comment 1 reply

sandhose
May 2, 2025
Maintainer

suse-coder May 2, 2025
Author