Short OAuth token lifespan (~ 5 mins) leads to unnecessary fetch of a new token #309

@HeneryHawk


Describe the problem you'd like to have solved

The current implementation of the token validity validation treats tokens that expire in the next 5 minutes as not valid anymore.
Our token lifespan is 5 mins, so with every request to OpenFGA, the client requests a new token.
In my opinion, the 5-minute threshold that the client uses is a very long time. In our microservices environment, we use a 30-second threshold and have never had a problem with it.

Describe the ideal solution

Would it be possible to reduce this threshold or make it configurable? This would allow us to continue using very short-lived tokens, which would improve security.

Alternatives and current workarounds

Increase the token lifespan.


Additional context

Just as a side note, the default value for token lifespan in Keycloak is 5 minutes.
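
The effect described in this issue, as an added simulation (not the OpenFGA client's code; all class and function names are hypothetical). It models a token cache that treats a token as expired `threshold_s` seconds before its real expiry, driven by a fake clock at one request per second for ten minutes:

```python
# Added illustration; not the OpenFGA client's code. All names are hypothetical.
from dataclasses import dataclass


@dataclass
class Token:
    value: str
    expires_at: float  # absolute time in seconds


class CachedTokenSource:
    """Client-credentials token cache with an expiry threshold (buffer)."""

    def __init__(self, lifespan_s, threshold_s, clock):
        self.lifespan_s = lifespan_s    # lifetime the issuer grants (expires_in)
        self.threshold_s = threshold_s  # treat the token as expired this early
        self.clock = clock              # injectable clock, keeps the run deterministic
        self.token = None
        self.fetches = 0

    def _fetch(self):
        # Stand-in for the POST to the token endpoint.
        self.fetches += 1
        return Token(f"tok-{self.fetches}", self.clock() + self.lifespan_s)

    def _is_valid(self):
        # The check from the issue: expiring within the threshold counts as expired.
        return (self.token is not None
                and self.token.expires_at - self.clock() > self.threshold_s)

    def get(self):
        if not self._is_valid():
            self.token = self._fetch()
        return self.token.value


def simulate(lifespan_s, threshold_s, requests=600, interval_s=1.0):
    """Return how many token fetches `requests` API calls trigger."""
    t = [0.0]
    source = CachedTokenSource(lifespan_s, threshold_s, clock=lambda: t[0])
    for _ in range(requests):
        source.get()
        t[0] += interval_s
    return source.fetches


if __name__ == "__main__":
    print("threshold 300 s:", simulate(300, 300))  # one fetch per request
    print("threshold  30 s:", simulate(300, 30))
```

With a 300-second lifespan, a threshold equal to the lifespan means a freshly issued token never passes the validity check, while a 30-second threshold reuses each token for 270 seconds.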

Labels: enhancement

Status: Intake