TUI: where and how to configure the lifetime of a Bearer token obtained for a client

[dhanan-np]

Usage for: Generating Tokens for a client using curl with the url: https://my-auth-dummyhost/jans-auth/restv1/token

Navigation to the window: jans-cli-tui => Auth-Server => Clients
Tab to Search-box and press enter to populate the list of clients.
Now move the cursor to a Client and press Enter to open up the Edit Clients window.
Key down to Tokens section in the left pane. There we have option to choose as per the following-
Access Token Type:

1. JWT . Selecting it is generating JWT token which is fine.
2. Reference . Selecting it is generating reference token which is fine.

-in case of Token-type=> JWT
Access token Lifetime: setting any value; has no effect on the access token's expiry. I was always getting the same value in JWT token i.e. 1682665042 in my case, whereas iat was different all the time.
Refresh token Lifetime: any-value; I am not getting any refresh-token in response. How do I get it in response?
Default max authn age: couldn't find the use.

-in case of Token-type=> Reference
Access token Lifetime: setting any value 3500; expires_in time was 3499. So for any value n I was getting n-1 where n<=4000 and for any value n>4000 I was getting 3999 .
Refresh token Lifetime: any-value; I am not getting any refresh-token in response. How do I get it in response?
Default max authn age: couldn't find the use.

Can you please help me with the situation.

[ossdhaval]

It seems that answer for some of these observations could be in AS behavior. @yuriyz can you share your thoughts?

[yuriyz]

It sounds as you have keyRegenerationEnabled: true on your AS. See #1233
When local AS key regeneration is on and clients accessTokenAsJwt: true then AS adapts lifetime accordingly.

Please set keyRegenerationEnabled: false or client's accessTokenAsJwt: false, wait 15min after change (or restart AS) and then re-test.