Details
-
Enhancement
-
Status: Closed
-
Minor
-
Resolution: Obsolete
-
4.8.3.Final
-
NEW
-
NEW
Description
When KC returns the response with RPT token to the frontend client, the response contains also the refresh token. So refreshing of RPTs is possible.
However the keycloak-authz.js client doesn't have any support for automatically refreshing RPT token. I mean something similar, which is provided by keycloak.js itself (method "keycloak.updateToken" which automatically refreshes the token if needed). Due this limitation, it seems there is a bug in our quickstart.
When you try the quickstart "app-authz-uma-photoz" and you go through the flow like this:
- Open http://localhost:8080/photoz-html5-client and login as jdoe
- Create some album
- Wait 10 minutes (RPT expiration is same like AccessTokenLifespan, so 5
minutes by default) - Try to create some album again - now fails with 403 due the RPT
expired and no support for refreshing it in the keycloak-authz.js or the
application itself
Attachments
Issue Links
- is related to
-
KEYCLOAK-9468 Improve keycloak-authz.js to automatically exchange UMA tickets and refresh tokens
-
- Closed
-