Add missing fields for client offline session timeout and lifespan

Closes #42369 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-12-16 20:15:46 -06:00 · 2025-09-12 14:23:14 +02:00
parent cb5a768129
commit a44da52013
4 changed files with 63 additions and 1 deletions
--- a/docs/documentation/server_admin/topics/sessions/timeouts.adoc
+++ b/docs/documentation/server_admin/topics/sessions/timeouts.adoc
@@ -35,12 +35,17 @@ image:images/sessions-tab.png[Sessions Tab]

 [[_offline-session-max-limited]]
 |Offline Session Max Limited
-|This setting is for <<_offline-access, offline access>>. If this flag is *Enabled*, Offline Session Max can control the maximum time the offline token remains active, regardless of user activity. If the flag is *Disabled*, offline sessions never expire by lifespan, only by idle. Once this option is activated, the <<_offline-session-max, Offline Session Max>> (global option at realm level) and *Client Offline Session Max* (specific client level option in the *Advanced Settings* tab) can be configured.
+|This setting is for <<_offline-access, offline access>>. If this flag is *Enabled*, Offline Session Max can control the maximum time the offline token remains active, regardless of user activity. If the flag is *Disabled*, offline sessions never expire by lifespan, only by idle. Once this option is activated, the <<_offline-session-max, Offline Session Max>> and <<_client_offline-session-max, Client Offline Session Max>> (global option at realm level) can be configured.

 [[_offline-session-max]]
 |Offline Session Max
 |This setting is for <<_offline-access, offline access>>, and it is the maximum time before {project_name} revokes the corresponding offline token. This option controls the maximum amount of time the offline token remains active, regardless of user activity.

+[[_client_offline-session-max]]
+|Client Offline Session Max
+|This setting is for <<_offline-access, offline access>>, and it is the maximum time before {project_name} revokes the corresponding offline token for the client. This option controls the maximum amount of time the offline token remains active, regardless of user activity.
+Users can override it for individual clients in the *Advanced Settings* client tab.
+
 |Login timeout
 |The total time a logging in must take. If authentication takes longer than this time, the user must start the authentication process again.

--- a/js/apps/admin-ui/src/realm-settings/SessionsTab.tsx
+++ b/js/apps/admin-ui/src/realm-settings/SessionsTab.tsx
@@ -243,6 +243,32 @@ export const RealmSettingsSessionsTab = ({
            />
          </FormGroup>

+          <FormGroup
+            label={t("clientOfflineSessionIdle")}
+            fieldId="clientOfflineSessionIdle"
+            labelIcon={
+              <HelpItem
+                helpText={t("clientOfflineSessionIdleHelp")}
+                fieldLabelId="clientOfflineSessionIdle"
+              />
+            }
+          >
+            <Controller
+              name="clientOfflineSessionIdleTimeout"
+              control={control}
+              render={({ field }) => (
+                <TimeSelector
+                  className="kc-client-offline-session-idle"
+                  data-testid="client-offline-session-idle-input"
+                  aria-label="client-offline-session-idle-input"
+                  value={field.value!}
+                  onChange={field.onChange}
+                  units={["minute", "hour", "day"]}
+                />
+              )}
+            />
+          </FormGroup>
+
          <FormGroup
            hasNoPaddingTop
            label={t("offlineSessionMaxLimited")}
@@ -298,6 +324,33 @@ export const RealmSettingsSessionsTab = ({
              />
            </FormGroup>
          )}
+          {offlineSessionMaxEnabled && (
+            <FormGroup
+              label={t("clientOfflineSessionMax")}
+              fieldId="clientOfflineSessionMax"
+              id="client-offline-session-max-label"
+              labelIcon={
+                <HelpItem
+                  helpText={t("clientOfflineSessionMaxHelp")}
+                  fieldLabelId="clientOfflineSessionMax"
+                />
+              }
+            >
+              <Controller
+                name="clientOfflineSessionMaxLifespan"
+                control={control}
+                render={({ field }) => (
+                  <TimeSelector
+                    className="kc-client-offline-session-max"
+                    data-testid="client-offline-session-max-input"
+                    value={field.value!}
+                    onChange={field.onChange}
+                    units={["minute", "hour", "day"]}
+                  />
+                )}
+              />
+            </FormGroup>
+          )}
        </FormAccess>
      </FormPanel>
      <FormPanel
--- a/js/apps/admin-ui/src/realm-settings/realm-settings-section.css
+++ b/js/apps/admin-ui/src/realm-settings/realm-settings-section.css
@@ -115,6 +115,8 @@ div#offline-session-max-label > .pf-v5-c-form__group-label {
 .kc-offline-session-max-input,
 .kc-client-session-idle-input,
 .kc-client-session-max-input,
+.kc-client-offline-session-max-input,
+.kc-client-offline-session-idle-input,
 .kc-login-timeout-input,
 .kc-login-action-timeout-input,
 .kc-access-token-lifespan-input,
--- a/js/libs/keycloak-admin-client/src/defs/realmRepresentation.ts
+++ b/js/libs/keycloak-admin-client/src/defs/realmRepresentation.ts
@@ -120,6 +120,8 @@ export default interface RealmRepresentation {
  ssoSessionMaxLifespanRememberMe?: number;
  clientSessionIdleTimeout?: number;
  clientSessionMaxLifespan?: number;
+  clientOfflineSessionIdleTimeout?: number;
+  clientOfflineSessionMaxLifespan?: number;
  supportedLocales?: string[];
  // UserFederationMapperRepresentation
  userFederationMappers?: any[];