Set default timeSkew to 60 seconds to avoid forced token refresh (#52)

Closes #52

Signed-off-by: Janek Beck <[email protected]>

Author: JanekBeck

lib/keycloak.d.ts

@@ -112,8 +112,10 @@ export interface KeycloakInitOptions {
 	idToken?: string;
 
 	/**
-	 * Set an initial value for skew between local time and Keycloak server in
-	 * seconds (only together with `token` or `refreshToken`).
+	 * Set an initial value for skew between local and Keycloak server time (in
+	 * seconds). This is also used to determine whether the initial
+	 * token is still valid (only together with `token` or `refreshToken`).
+	 * @default 60
 	 */
 	timeSkew?: number;
 
@@ -433,11 +435,11 @@ declare class Keycloak {
 	idTokenParsed?: KeycloakTokenParsed;
 
 	/**
-	* The estimated time difference between the browser time and the Keycloak
-	* server in seconds. This value is just an estimation, but is accurate
+	* The estimated time difference between the browser and the Keycloak
+	* server time (in seconds). This value is just an estimation, but is accurate
 	* enough when determining if a token is expired or not.
 	*/
-	timeSkew?: number;
+	timeSkew: number;
 
 	/**
 	* Whether the instance has been initialized by calling `.init()`.

lib/keycloak.js

@@ -129,9 +129,7 @@ function Keycloak (config) {
             kc.flow = initOptions.flow;
         }
 
-        if (initOptions.timeSkew != null) {
-            kc.timeSkew = initOptions.timeSkew;
-        }
+        kc.timeSkew = initOptions.timeSkew ?? 60;
 
         if(initOptions.redirectUri) {
             kc.redirectUri = initOptions.redirectUri;
@@ -299,7 +297,7 @@ function Keycloak (config) {
                         });
                     });
                 } else {
-                    kc.updateToken(-1).then(function() {
+                    kc.updateToken().then(function() {
                         kc.onAuthSuccess && kc.onAuthSuccess();
                         initPromise.setSuccess();
                     }).catch(function(error) {
@@ -603,11 +601,6 @@ function Keycloak (config) {
             throw 'Not authenticated';
         }
 
-        if (kc.timeSkew == null) {
-            logInfo('[KEYCLOAK] Unable to determine if token is expired as timeskew is not set');
-            return true;
-        }
-
         var expiresIn = kc.tokenParsed['exp'] - Math.ceil(new Date().getTime() / 1000) + kc.timeSkew;
         if (minValidity) {
             if (isNaN(minValidity)) {
@@ -987,17 +980,15 @@ function Keycloak (config) {
                 kc.timeSkew = Math.floor(timeLocal / 1000) - kc.tokenParsed.iat;
             }
 
-            if (kc.timeSkew != null) {
-                logInfo('[KEYCLOAK] Estimated time difference between browser and server is ' + kc.timeSkew + ' seconds');
+            logInfo('[KEYCLOAK] Estimated time difference between browser and server is ' + kc.timeSkew + ' seconds');
 
-                if (kc.onTokenExpired) {
-                    var expiresIn = (kc.tokenParsed['exp'] - (new Date().getTime() / 1000) + kc.timeSkew) * 1000;
-                    logInfo('[KEYCLOAK] Token expires in ' + Math.round(expiresIn / 1000) + ' s');
-                    if (expiresIn <= 0) {
-                        kc.onTokenExpired();
-                    } else {
-                        kc.tokenTimeoutHandle = setTimeout(kc.onTokenExpired, expiresIn);
-                    }
+            if (kc.onTokenExpired) {
+                var expiresIn = (kc.tokenParsed['exp'] - (new Date().getTime() / 1000) + kc.timeSkew) * 1000;
+                logInfo('[KEYCLOAK] Token expires in ' + Math.round(expiresIn / 1000) + ' s');
+                if (expiresIn <= 0) {
+                    kc.onTokenExpired();
+                } else {
+                    kc.tokenTimeoutHandle = setTimeout(kc.onTokenExpired, expiresIn);
                 }
             }
         } else {