Checklist
Describe the problem you'd like to have solved
The current implementation of the token validity validation treats tokens that expire in the next 5 minutes as not valid anymore.
Our token lifespan is 5 mins, so with every request to OpenFGA, the client requests a new token.
In my opinion, the 5-minute threshold that the client uses is a very long time. In our microservices environment, we use a 30-second threshold and have never had a problem with it.
Describe the ideal solution
Would it be possible to reduce this threshold or make it configurable? This would allow to continue using very short-lived tokens, which would improve security.
Alternatives and current workarounds
Increase the token lifespan.
References
No response
Additional context
Just as a side note, the default value for token lifespan in Keycloak is 5 minutes.
Checklist
Describe the problem you'd like to have solved
The current implementation of the token validity validation treats tokens that expire in the next 5 minutes as not valid anymore.
Our token lifespan is 5 mins, so with every request to OpenFGA, the client requests a new token.
In my opinion, the 5-minute threshold that the client uses is a very long time. In our microservices environment, we use a 30-second threshold and have never had a problem with it.
Describe the ideal solution
Would it be possible to reduce this threshold or make it configurable? This would allow to continue using very short-lived tokens, which would improve security.
Alternatives and current workarounds
Increase the token lifespan.
References
No response
Additional context
Just as a side note, the default value for token lifespan in Keycloak is 5 minutes.