Keycloak / KEYCLOAK-9464

app-authz-uma-photoz quickstart doesn't handle expired RPT


    Description

      When KC returns the response with the RPT token to the frontend client, the response also contains the refresh token. So refreshing of RPTs is possible.

      However, the keycloak-authz.js client doesn't have any support for automatically refreshing the RPT token. I mean something similar to what keycloak.js itself provides (the method "keycloak.updateToken", which automatically refreshes the token if needed). Due to this limitation, it seems there is a bug in our quickstart.

      When you try the quickstart "app-authz-uma-photoz" and you go through the flow like this:

      • Open http://localhost:8080/photoz-html5-client and log in as jdoe
      • Create some album
      • Wait 10 minutes (RPT expiration is the same as AccessTokenLifespan, so 5
        minutes by default)
      • Try to create some album again - now it fails with 403 because the RPT
        has expired and there is no support for refreshing it in keycloak-authz.js
        or the application itself
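
An added sketch (not code from keycloak-authz.js or the quickstart) of the missing check, modelled on the `keycloak.updateToken(minValidity)` idea: read the RPT's `exp` claim before each API call and obtain a new RPT when it is about to expire. The names `rptExpiresWithin`, `ensureFreshRpt`, `holder` and `requestRpt` are hypothetical; `requestRpt` stands for whatever caller-supplied function asks Keycloak for a new RPT.

```javascript
// Added example. All function names here are hypothetical, not Keycloak APIs.

// Read the JWT payload without verifying it. The resource server still
// validates the signature; the client only needs the "exp" claim.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const json = typeof atob === 'function'
    ? atob(padded)
    : Buffer.from(padded, 'base64').toString('binary');
  return JSON.parse(json);
}

// True when the RPT is missing, unparsable, or expires in < minValidity seconds.
function rptExpiresWithin(rpt, minValidity, nowSeconds) {
  if (!rpt) return true;
  try {
    const exp = decodeJwtPayload(rpt).exp;
    return typeof exp !== 'number' || exp - nowSeconds < minValidity;
  } catch (e) {
    return true; // treat anything unreadable as expired and fetch a new one
  }
}

// holder.rpt caches the current RPT. requestRpt() must return a Promise that
// resolves to a new RPT string (assumption: the application supplies it).
function ensureFreshRpt(holder, requestRpt, minValidity = 30,
                        now = () => Math.floor(Date.now() / 1000)) {
  if (!rptExpiresWithin(holder.rpt, minValidity, now())) {
    return Promise.resolve(holder.rpt);
  }
  if (!holder.pending) { // concurrent callers share one in-flight request
    holder.pending = requestRpt()
      .then((rpt) => { holder.rpt = rpt; return rpt; })
      .finally(() => { holder.pending = null; });
  }
  return holder.pending;
}

// Constructed sample input: an unsigned, JWT-shaped string with only "exp".
function constructedRpt(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc({ exp })}.constructed`;
}
```

The application would call `ensureFreshRpt(...)` before each request to the protected API and send the resolved RPT as the bearer token, instead of reusing a cached RPT until the server answers 403.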

            People

              Unassigned Unassigned
              mposolda@redhat.com Marek Posolda