Details
- Feature Request
- Status: Closed
- Minor
- Resolution: Obsolete
- 4.8.3.Final
Description
We discussed on the ML (http://lists.jboss.org/pipermail/keycloak-dev/2019-January/011549.html) that the Java authorization client could possibly be improved so that it can automatically refresh expired RPT tokens and automatically exchange a UMA ticket, sent from the resource server, for a new RPT with the corresponding permissions.
An initial proposal for how it could look for the JavaScript client is in KEYCLOAK-9468.
I recently did a frontend client Java application. I needed to add support for refreshing the RPT and exchanging UMA tickets directly in the app. I have added some links to the code I used (I hope it is possible to do it in a much prettier way):
- Here is the REST service invocation from client: https://github.com/mposolda/devconf2019-authz/blob/master/devconf2019-app/src/main/java/org/keycloak/quickstarts/devconf2019/app/service/CarsClientService.java#L93-L99
- The "retry" looks like this. It will basically try to re-invoke the REST service with the new RPT: https://github.com/mposolda/devconf2019-authz/blob/master/devconf2019-app/src/main/java/org/keycloak/quickstarts/devconf2019/app/service/CarsClientService.java#L118-L146
- The HandledException can be thrown by the REST error handler, which in case of a 401 will try to parse the UMA ticket and exchange it for an RPT: https://github.com/mposolda/devconf2019-authz/blob/master/devconf2019-app/src/main/java/org/keycloak/quickstarts/devconf2019/app/config/UMAErrorHandler.java and then throw this HandledException, which will be caught later by the "Retry" class, which will re-invoke the REST endpoint.
- Refreshing the RPT tokens is done by the other handler, which is invoked before the REST request is sent: https://github.com/mposolda/devconf2019-authz/blob/master/devconf2019-app/src/main/java/org/keycloak/quickstarts/devconf2019/app/config/AuthzClientRequestFactory.java#L43-L60
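
The 401, ticket exchange and retry flow described above, as an added sketch that is not the code from the linked repository or from Keycloak. It assumes the challenge format from the UMA 2.0 grant specification (`WWW-Authenticate: UMA realm=..., as_uri=..., ticket=...`) and Java 16+; the class name, method names, URLs and token values are constructed for illustration, and the resource server and token endpoint are simulated with in-memory functions.

```java
import java.util.Optional;
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class UmaRetryExample {
    // Response of the (simulated) resource server: status, WWW-Authenticate header, body.
    record Response(int status, String wwwAuthenticate, String body) {}

    private static final Pattern PARAM = Pattern.compile("(\\w+)=\"([^\"]*)\"");

    // Extracts the ticket from a "WWW-Authenticate: UMA ..." challenge, but only when
    // as_uri names the authorization server this client is configured to trust, so a
    // resource server cannot redirect the client's tokens to an arbitrary endpoint.
    static Optional<String> parseTicket(String header, String trustedAsUri) {
        if (header == null || !header.regionMatches(true, 0, "UMA ", 0, 4)) return Optional.empty();
        String asUri = null, ticket = null;
        Matcher m = PARAM.matcher(header);
        while (m.find()) {
            if (m.group(1).equals("as_uri")) asUri = m.group(2);
            if (m.group(1).equals("ticket")) ticket = m.group(2);
        }
        return trustedAsUri.equals(asUri) ? Optional.ofNullable(ticket) : Optional.empty();
    }

    // Invokes the service with the current RPT; on a 401 carrying a ticket, exchanges it
    // once and re-invokes. A second 401 is returned to the caller (no retry loop).
    static Response callWithUma(Function<String, Response> service, String rpt,
                                Function<String, String> exchangeTicket, String trustedAsUri) {
        Response first = service.apply(rpt);
        if (first.status() != 401) return first;
        return parseTicket(first.wwwAuthenticate(), trustedAsUri)
                .map(exchangeTicket)   // a real client calls the token endpoint here
                .map(service)          // single retry with the new RPT
                .orElse(first);
    }

    public static void main(String[] args) {
        String as = "https://as.example.test/realms/demo";  // constructed value
        // Constructed stand-ins for the resource server and the ticket exchange.
        Function<String, Response> service = rpt -> "rpt-with-permission".equals(rpt)
                ? new Response(200, null, "[cars]")
                : new Response(401, "UMA realm=\"demo\", as_uri=\"" + as + "\", ticket=\"t-123\"", "");
        Function<String, String> exchange = ticket -> "rpt-with-permission";
        System.out.println(callWithUma(service, "stale-rpt", exchange, as).status());
        System.out.println(callWithUma(service, "stale-rpt", exchange, "https://other.example.test").status());
    }
}
```

The first call succeeds after one exchange; the second keeps the 401 because the challenge names an authorization server the client does not trust.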
Issue Links
- relates to KEYCLOAK-9468 Improve keycloak-authz.js to automatically exchange UMA tickets and refresh tokens (Closed)