Keycloak seassion expired

[janstefin]

Module

auth_oidc

Describe the bug

After logging in through Keycloak, the user is redirected back to Odoo successfully.
However, after ≈ 10–20 minutes of inactivity, the next request returns: Session expired

To Reproduce

Steps:

1. Configure a Keycloak client for Odoo with “Standard Flow” and “Refresh Tokens”.
2. In Odoo, install auth_oidc and create an Identity Provider with the client ID/secret, discovery URL, and “Auto create users” enabled.
3. Log in as a normal user via Keycloak – authentication succeeds.
4. Wait 10‑20 minutes without interacting.

Expected behavior
The refresh token should be exchanged automatically and the Odoo session should remain valid until either:

• Keycloak Access‑Token lifespan is reached and a refresh fails, or
• Odoo’s own session timeout value (default 1 day) expires.

Odoo config (snippet)

[auth_oidc]
client_id =
client_secret =
scopes = openid,profile,email,offline_access

[vincent-hatakeyama]

Which version of the module is concerned?

Odoo’s own session timeout value (default 1 day) expires.

The default is a week.