Help-Desk / HELP-20042

FIWARE.Question.Tech.Control the OAuth2.0 access code lifetime for keyrock (FIWARE generic enabler) using docker-compose.

    Details

      Description

      Created question in FIWARE Q/A platform on 07-09-2022 at 11:09
      Please, ANSWER this question AT https://stackoverflow.com/questions/73634766/control-the-oauth2-0-access-code-lifetime-for-keyrock-fiware-generic-enabler-u

      Question:
      Control the OAuth2.0 access code lifetime for keyrock (FIWARE generic enabler) using docker-compose

      Description:
      I am creating a docker-compose.yml file to define the services for a system I am developing and I am using keyrock for identity management of the users of that system.
      Everything works as it should, however, when a login is successful, the default lifetime of the OAuth access token provided is 1 hour (3600 s) and I want to change this value. With that in mind, I went through the FIWARE Keyrock documentation and found a page containing the list of the environment variables that can be used with the keyrock docker image. This list is at
      https://fiware-idm.readthedocs.io/en/latest/installation_and_administration_guide/environment_variables/index.html
      Within the list there is an environment variable that controls precisely what I want to change: IDM_OAUTH_ACC_LIFETIME.
      The problem is that if I use this environment variable, the access token lifetime returned in a login attempt is random (3 consecutive simulations):
      {
        "access_token": "f64c6c5309636270eb427ea16ab63c15360d9a51",
        "token_type": "bearer",
        "expires_in": 387,
        "refresh_token": "72320636bfd139ef4ef84394f9ddf5b05eded623",
        "scope": [
          "bearer"
        ]
      }
      {
        "access_token": "02a1b6713fac267bf73288e31fb5d174d4f5eb8f",
        "token_type": "bearer",
        "expires_in": 243,
        "refresh_token": "e57f09fb7a7aa5c5dafacc922efcf0925657a965",
        "scope": [
          "bearer"
        ]
      }
      {
        "access_token": "0e7330578eb90aafd02578916704c603a6cbbee9",
        "token_type": "bearer",
        "expires_in": 522,
        "refresh_token": "0c7a7d92feb89dc5633bf9284fc4604b9caa0b68",
        "scope": [
          "bearer"
        ]
      }

      These results were achieved using IDM_OAUTH_ACC_LIFETIME=1. I know this value makes no sense but, after going nowhere, I was just trying to check result consistency and whether the value would be constant between different login attempts. Regardless of the value used for the environment variable, the behaviour is always the same, even if the default value of 3600 s is used instead (2 simulations for this scenario):
      {
        "access_token": "928adccd8f3e51dbb48bc20be2ce957d0ee065e9",
        "token_type": "bearer",
        "expires_in": 323567,
        "refresh_token": "0ba291f2619cdecfde1861bb4875f236f5206cb4",
        "scope": [
          "bearer"
        ]
      }
      {
        "access_token": "68031910836698330a188999bf3e472d55cf2d6c",
        "token_type": "bearer",
        "expires_in": 53594,
        "refresh_token": "f225b3f2f2b68ad1d919a76997bb4d1ccd47523a",
        "scope": [
          "bearer"
        ]
      }

      Here is the service definition of the keyrock service in the docker-compose.yml file - I just set the environment variable:

      keyrock:
        labels:
          project: 'testing'
        restart: always
        image: fiware/idm:${KEYROCK_VERSION}
        container_name: fiware-keyrock
        hostname: keyrock
        networks:
          default:
            ipv4_address: 172.18.1.15
        depends_on:
          - mysql-db
        ports:
          - "${KEYROCK_PORT}:${KEYROCK_PORT}" # localhost:3005
        environment:
          - DEBUG=idm:*
          - IDM_DB_HOST=mysql-db
          - IDM_DB_PASS_FILE=/run/secrets/my_secret_data
          - IDM_DB_USER=root
          - IDM_HOST=http://localhost:${KEYROCK_PORT}
          - IDM_PORT=${KEYROCK_PORT}
          - IDM_HTTPS_ENABLED=false
          - IDM_HTTPS_PORT=${KEYROCK_HTTPS_PORT}
          - IDM_ADMIN_USER=test
          - IDM_ADMIN_EMAIL=geral@test.pt
          - IDM_ADMIN_PASS=1111
          - IDM_OAUTH_ACC_LIFETIME=3600
          - IDM_OAUTH_EMPTY_STATE=false
          - IDM_OAUTH_AUTH_LIFETIME=30
          - IDM_OAUTH_ASK_AUTH=true
          - IDM_OAUTH_REFR_LIFETIME=1209600
          - IDM_OAUTH_UNIQUE_URL=false
        secrets:
          - my_secret_data
        healthcheck:
          interval: 5s

      What am I doing wrong? Shouldn't the use of the environment variable be enough?
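      An added example, not part of the question or of the Keyrock project: a small Python check that reads the configured IDM_OAUTH_ACC_LIFETIME out of compose-style environment lines and flags token responses whose expires_in does not match it, run here over the two responses quoted above for the 3600 s run (token strings replaced by placeholders; the tolerance value is an assumption).

```python
import json

# Default Keyrock access token lifetime in seconds, as stated in the question (1 hour).
DEFAULT_ACC_LIFETIME = 3600


def configured_lifetime(env_lines, default=DEFAULT_ACC_LIFETIME):
    """Read IDM_OAUTH_ACC_LIFETIME from compose-style 'KEY=value' lines; fall back to the default."""
    for line in env_lines:
        key, sep, value = line.strip().partition("=")
        if sep and key == "IDM_OAUTH_ACC_LIFETIME":
            return int(value)
    return default


def check_lifetimes(responses, expected_seconds, tolerance_seconds=5):
    """Return one finding per token response whose expires_in is not the configured lifetime.

    A token that outlives its configured lifetime widens the window in which a leaked
    token stays usable, so positive drift is the case a defender cares about most.
    The 5 s tolerance (assumed) absorbs the clock skew between issue time and reply.
    """
    findings = []
    for index, raw in enumerate(responses):
        body = json.loads(raw)
        reported = body.get("expires_in")
        if not isinstance(reported, int) or isinstance(reported, bool):
            findings.append({"index": index, "expires_in": reported, "reason": "missing or non-integer"})
            continue
        drift = reported - expected_seconds
        if abs(drift) > tolerance_seconds:
            findings.append({"index": index, "expires_in": reported, "drift": drift,
                             "reason": "longer than configured" if drift > 0 else "shorter than configured"})
    return findings


# Constructed sample: the relevant lines of the compose environment from the question.
COMPOSE_ENV = ["DEBUG=idm:*", "IDM_OAUTH_ACC_LIFETIME=3600", "IDM_OAUTH_REFR_LIFETIME=1209600"]

# Constructed sample: the two responses quoted for the 3600 s run, token values replaced by placeholders.
RESPONSES_3600 = [
    '{"access_token": "<token-1>", "token_type": "bearer", "expires_in": 323567, "refresh_token": "<refresh-1>", "scope": ["bearer"]}',
    '{"access_token": "<token-2>", "token_type": "bearer", "expires_in": 53594, "refresh_token": "<refresh-2>", "scope": ["bearer"]}',
]

if __name__ == "__main__":
    expected = configured_lifetime(COMPOSE_ENV)
    for finding in check_lifetimes(RESPONSES_3600, expected):
        print(f"response {finding['index']}: expires_in={finding['expires_in']} "
              f"({finding['reason']}, drift {finding.get('drift')} s)")
```

      Pointing the same check at live responses from the token endpoint gives a repeatable way to confirm whether a lifetime change actually took effect after a redeploy.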

        Activity

        backlogmanager Backlog Manager added a comment - 2022-09-08 05:31|CREATED monitor | # answers= 0, accepted answer= False

          People

          Assignee: aalonsog Alvaro Alonso
          Reporter: backlogmanager Backlog Manager
          Votes: 0
          Watchers: 1
