AutoRefreshToken always use the default sessionTimeout (300000)

[mdeverdelhan]

Bug report

Seems to be a bug.

Versions

    "keycloak-angular": "^19.0.2",
    "keycloak-js": "^26.0.7",

Problem

Setting sessionTimeout to 1000 has no effect (logout still occurs after 300000 ms) with this config:

import { ApplicationConfig, inject, provideZoneChangeDetection } from '@angular/core';
import { provideRouter } from '@angular/router';
import { AutoRefreshTokenService, createInterceptorCondition, INCLUDE_BEARER_TOKEN_INTERCEPTOR_CONFIG, IncludeBearerTokenCondition, includeBearerTokenInterceptor, provideKeycloak, UserActivityService, withAutoRefreshToken } from 'keycloak-angular';

import { routes } from './app.routes';
import { provideHttpClient, withInterceptors } from '@angular/common/http';

const urlCondition = createInterceptorCondition<IncludeBearerTokenCondition>({
  urlPattern: /^(http:\/\/localhost:8080)(\/.*)?$/i,
  bearerPrefix: 'Bearer'
});

export const appConfig: ApplicationConfig = {
  providers: [

    // https://github.com/mauriciovigolo/keycloak-angular/tree/main?tab=readme-ov-file#setup
    provideKeycloak({
      config: {
        url: 'http://localhost:8090',
        realm: 'my-realm',
        clientId: 'my-client',
      },
      initOptions: {
        onLoad: 'check-sso',
        silentCheckSsoRedirectUri: window.location.origin + '/assets/silent-check-sso.html'
      },
      features: [
        withAutoRefreshToken({
          onInactivityTimeout: 'logout',
          sessionTimeout: 1000
        })
      ],
      providers: [AutoRefreshTokenService, UserActivityService]
    }),

    provideZoneChangeDetection({ eventCoalescing: true }),

    provideRouter(routes),

    {
      provide: INCLUDE_BEARER_TOKEN_INTERCEPTOR_CONFIG,
      useValue: [urlCondition] // <-- Note that multiple conditions might be added.
      // See https://github.com/mauriciovigolo/keycloak-angular/blob/main/docs/interceptors.md
    },

    provideHttpClient(withInterceptors([includeBearerTokenInterceptor]))

  ]
};

I tried replacing:

        withAutoRefreshToken({
          onInactivityTimeout: 'logout',
          sessionTimeout: 1000
        })

by:

        {
          configure: () => {
            const autoRefreshTokenService = inject(AutoRefreshTokenService);
            autoRefreshTokenService.start({
              onInactivityTimeout: 'logout',
              sessionTimeout: 1000
            });
            console.log(autoRefreshTokenService)
          }
        }

But it did not change anything.

One more thing

By the way why are there 2 types for *RefreshTokenOptions?

• keycloak-angular/projects/keycloak-angular/src/lib/features/with-refresh-token.feature.ts

  Line 20 in 5fa0962

  type WithRefreshTokenOptions = {

• keycloak-angular/projects/keycloak-angular/src/lib/services/auto-refresh-token.service.ts

  Line 18 in 5fa0962

  type AutoRefreshTokenOptions = {

[giusepperevoltech]

I confirm I am experiencing the same issue

[giusepperevoltech]

This is my app.config.ts.

export const appConfig: ApplicationConfig = {
  providers: [
    provideExperimentalZonelessChangeDetection(),
    provideRouter(routes),
    provideKeycloak({
      config: {
        url: environment.keycloakUrl,
        realm: environment.keycloakRealm,
        clientId: environment.keycloakClientId
      },
      initOptions: {
        onLoad: 'login-required',
        silentCheckSsoRedirectUri: window.location.origin + '/silent-check-sso.html'
      },
      features: [
        withAutoRefreshToken({
          onInactivityTimeout: 'logout',
          sessionTimeout: 60000 // 10 minutes
        })
      ],
      providers: [AutoRefreshTokenService, UserActivityService]
    }),
  ]
};

It might depends by the zoneless approach? I've noticed that UserActivityService relies on ngZone.