Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-9464

app-authz-uma-photoz quickstart doesn't handle expired RPT

    Details

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      When KC returns the response with RPT token to the frontend client, the response contains also the refresh token. So refreshing of RPTs is possible.

      However the keycloak-authz.js client doesn't have any support for automatically refreshing RPT token. I mean something similar, which is provided by keycloak.js itself (method "keycloak.updateToken" which automatically refreshes the token if needed). Due this limitation, it seems there is a bug in our quickstart.

      When you try the quickstart "app-authz-uma-photoz" and you go through the flow like this:

      • Open http://localhost:8080/photoz-html5-client and login as jdoe
      • Create some album
      • Wait 10 minutes (RPT expiration is same like AccessTokenLifespan, so 5
        minutes by default)
      • Try to create some album again - now fails with 403 due the RPT
        expired and no support for refreshing it in the keycloak-authz.js or the
        application itself

        Gliffy Diagrams

          Attachments

            Issue Links

            is related to

            Feature Request - A new feature of the product, which has yet to be developed. KEYCLOAK-9468 Improve keycloak-authz.js to automatically exchange UMA tickets and refresh tokens

            • Major - A request that should be considered seriously but is not a show stopper.
            • Triage

              Activity

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  mposolda Marek Posolda
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated: