A common recommendation is for access tokens to be short-lived. That’s what we have configured in JHipster. If you start your Keycloak container in Docker, and go to http://localhost:9080/auth/admin/master/console/#/realms/jhipster/token-settings, you’ll see this setting.
You could increase this value, but it’s better to use refresh tokens. To do this, update src/main/resources/config/application.yml to add offline_access as a scope.
```yaml
# Nested under the top-level `spring:` key in application.yml
security:
  oauth2:
    client:
      provider:
        oidc:
          issuer-uri: http://localhost:9080/auth/realms/jhipster
      registration:
        oidc:
          client-id: web_app
          client-secret: web_app
          scope: openid,profile,email,offline_access
```
You might find this article helpful to understand refresh tokens: Understanding Refresh Tokens - Auth0
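To make the short-lived access token and refresh flow concrete, here is an added example (not part of the original post or of JHipster's code) that decides when an access token is about to expire and builds the refresh grant for the Keycloak realm configured above. The helper names, the 30-second skew, the 300-second lifetime in the test data, and sending the client secret in the form body are assumptions for illustration.

```python
import base64
import json
import time
from urllib.parse import urlencode

ISSUER = "http://localhost:9080/auth/realms/jhipster"       # issuer-uri from the config above
TOKEN_ENDPOINT = ISSUER + "/protocol/openid-connect/token"  # Keycloak token endpoint path


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def needs_refresh(access_token, now=None, skew=30):
    """True when the access token expires within `skew` seconds (assumed margin)."""
    now = time.time() if now is None else now
    return jwt_claims(access_token)["exp"] - now <= skew


def offline_granted(token_response):
    """True when the provider reports offline_access among the granted scopes."""
    return "offline_access" in token_response.get("scope", "").split()


def refresh_request(token_response, client_id="web_app", client_secret="web_app"):
    """Build the RFC 6749 section 6 refresh grant as (url, form-encoded body)."""
    if "refresh_token" not in token_response:
        raise ValueError("token response carries no refresh_token")
    body = urlencode({
        "grant_type": "refresh_token",
        "refresh_token": token_response["refresh_token"],
        "client_id": client_id,
        "client_secret": client_secret,  # assumption: secret sent in the body
    })
    return TOKEN_ENDPOINT, body


def constructed_jwt(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + ".constructed-signature"
```

The body returned by refresh_request is what a client would POST to the token endpoint with Content-Type application/x-www-form-urlencoded; in a JHipster app Spring Security performs this exchange itself.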
