I'm currently setting up Keycloak to offer protection for some services. There will be both external customers and internal services consuming the same endpoints on my services.
Can I set the token expiry on a user or role or client level, or use a mix of tokens and Basic auth?