[KEYCLOAK-9464] app-authz-uma-photoz quickstart doesn't handle expired RPT - Red Hat Issue Tracker

XML

Word

Printable

Details

Type: Enhancement
Status: Closed
Priority: Minor
Resolution: Obsolete
Affects Version/s: 4.8.3.Final
Fix Version/s: Backlog
Component/s: Authorization Services, Quickstarts
Labels:
- help-wanted

Docs QE Status:
NEW
QE Status:
NEW

Description

When KC returns the response with RPT token to the frontend client, the response contains also the refresh token. So refreshing of RPTs is possible.

However the keycloak-authz.js client doesn't have any support for automatically refreshing RPT token. I mean something similar, which is provided by keycloak.js itself (method "keycloak.updateToken" which automatically refreshes the token if needed). Due this limitation, it seems there is a bug in our quickstart.

When you try the quickstart "app-authz-uma-photoz" and you go through the flow like this:

Open http://localhost:8080/photoz-html5-client and login as jdoe
Create some album
Wait 10 minutes (RPT expiration is same like AccessTokenLifespan, so 5
minutes by default)
Try to create some album again - now fails with 403 due the RPT
expired and no support for refreshing it in the keycloak-authz.js or the
application itself

Attachments

Issue Links

is related to

KEYCLOAK-9468 Improve keycloak-authz.js to automatically exchange UMA tickets and refresh tokens

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Marek Posolda

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2019/01/30 3:19 PM

Updated:: 2021/11/09 8:53 AM

Resolved:: 2021/11/09 8:53 AM