You can configure OAuth tokens to have have a custom duration.
By default, the tokens are valid for 24 hours (86400 seconds).
The maximum age can be either set in the OAuth server
configuration or in any of the OAuth clients. The client settings
override the OAuth server setting.
To set the OAuth server token max age, edit the OAuth server
object: oc edit oauth cluster
and set the .spec.tokenConfig.accessTokenMaxAgeSeconds
parameter to the desired value:
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
...
spec:
tokenConfig:
accessTokenMaxAgeSeconds: 28800
To set the OAuth client token max age, edit the OAuth client
object: oc edit oauthclient $clientname
and set the top-level accessTokenMaxAgeSeconds
attribute.
apiVersion: oauth.openshift.io/v1
grantMethod: auto
kind: OAuthClient
metadata:
...
accessTokenMaxAgeSeconds: 28800
For more information on configuring the OAuth server, consult the
OpenShift documentation:
https://docs.openshift.com/container-platform/4.7/authentication/configuring-internal-oauth.html