You can configure OAuth tokens to expire after a set period of
inactivity. By default, no token inactivity timeout is set.
The inactivity timeout can be either set in the OAuth server
configuration or in any of the OAuth clients. The client settings
override the OAuth server setting.
To set the OAuth server inactivity timeout, edit the OAuth server
object: oc edit oauth cluster
and set the .spec.tokenConfig.accessTokenInactivityTimeout
parameter to the desired value:
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
...
spec:
tokenConfig:
accessTokenInactivityTimeout:
Please note that the OAuth server converts the value internally to a human-readable format,
so that e.g. setting accessTokenInactivityTimeout=600s would be converted by the OAuth
server to accessTokenInactivityTimeout=10m0s.
For more information on configuring the OAuth server, consult the
OpenShift documentation:
https://docs.openshift.com/container-platform/4.7/authentication/configuring-oauth-clients.html