无法将特定客户的 Keycloak 令牌有效期延长到一天之后

对于特定的客户端，我试图将客户端发出的jwt的访问时间延长到很长一段时间。

我已将客户的超时设置为 365 天：

但是，Keycloak 只发出 1 天后过期的 jwt：

KEYCLOAK_URL=http://localhost:8081/auth
REALM=users
ADMIN_CLIENT_ID=api-long-lived
ADMIN_CLIENT_SECRET=api-long-lived-password

token=$(curl --no-progress-meter --insecure --request POST $KEYCLOAK_URL/realms/$REALM/protocol/openid-connect/token \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data-urlencode "client_id=$ADMIN_CLIENT_ID" \
  --data-urlencode "client_secret=$ADMIN_CLIENT_SECRET" \
  --data-urlencode 'grant_type=client_credentials' \
  | jq -r .access_token)

eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJCZXFqMlF3WjQ1ZC13Z2dTLVdYVzlzVUNTQ2IwamJ4Y091RTZFSkJiOTY4In0.eyJleHAiOjE3MTEzNTc2NjAsImlhdCI6MTcxMTMyMTY2MCwianRpIjoiZmEzOTg5YmYtYzdmMi00NTE0LWJkMzUtY2UxZmI4YTc0NmE5IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgxL2F1dGgvcmVhbG1zL3VzZXJzIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjY2MmYzOWE0LTkxZWQtNGY4MS04NGZhLTcwOTZhODZjOTZlYiIsInR5cCI6IkJlYXJlciIsImF6cCI6ImFwaS1sb25nLWxpdmVkIiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6WyIvKiJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiIsImRlZmF1bHQtcm9sZXMtdXNlcnMiXX0sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX0sImFwaS1sb25nLWxpdmVkIjp7InJvbGVzIjpbInVtYV9wcm90ZWN0aW9uIl19fSwic2NvcGUiOiJwcm9maWxlIGVtYWlsIiwiY2xpZW50SG9zdCI6IjE3Mi4yNy4wLjEiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2UtYWNjb3VudC1hcGktbG9uZy1saXZlZCIsImNsaWVudEFkZHJlc3MiOiIxNzIuMjcuMC4xIiwiY2xpZW50X2lkIjoiYXBpLWxvbmctbGl2ZWQifQ.IrffhURy4BULBbVaHOUDp56aQOMkERGV3OiZ2nosAtQSdepBIe67aLsOewtW7Jkjui-q0qWPontqCaPZfqndmT5QIXdfuW1P9XMtDmm_R10dEgYa2wxb833_avp6O0_gxFKKL5qBZsm2jtYTIBqP-sqbeAvcqzSyakMAL9teoKzwAKYxlghdnGXNMzlBJU2h1k_c1kcQewWWdGTCwgThYrH6oU3wBWxi5cEkxrFb24-DNGoKgzYKeW-kFKlw9NEplLZJkVHEb8sjp8269Agvh3yZO5Dt235o0RLY2XweNFnGWVMLhO5wjtOET5bbbOocV_vA80_DXkNFXt1H2xFkHA

根据https://jwt.io解码为：

[...]
  "exp": 1711357660,
  "iat": 1711321660,

这相当于：

• 发布于

  March 24, 2024 02:07:40 GMT-0700

• 到期时间为

  March 25, 2024 02:07:40 GMT-0700

即使设置那么长的过期时间不是一个好主意，为什么我不能将该客户端的过期时间延长到 1 天以上？