Unable to introspect refresh / offline tokens

Details

    • Bug
    • Resolution: Done
    • Major
    • Archive - 21'
    • RH-SSO-7.2.4.GA
    • Server
    • None

      Request a new token.
      Attempt to introspect refresh token with .../protocol/openid-connect/token/introspect, token_type_hint = refresh_token
      Response is "active": false

    Description

      RefreshTokenIntrospectionProvider extends AccessTokenIntrospectionProvider (and provides no additional functionality).

      All refresh token introspections are handled the same way as access token introspections and end up being passed to the org.keycloak.TokenVerifier. The default behaviour for this class is to reject anything with type != "Bearer", meaning that refresh and offline tokens are rejected even while still valid.
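
A triage sketch for the behaviour described above, added here as an example and not taken from the RH-SSO or Keycloak code base: it decodes a token's payload and compares a Bearer-only type check with a hint-aware one, so an operator can tell a wrongly reported "active": false from a genuinely expired token. The claim name "typ", the values "Refresh" and "Offline", the hint-to-type mapping, the handling of exp == 0 and all function names are assumptions; the sample tokens are constructed and unsigned.

```python
import base64, json, time

def make_token(claims):
    """Build an unsigned JWT-shaped string (constructed sample, not a real token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + "."

def decode_claims(token):
    """Decode the payload segment WITHOUT verifying the signature (triage only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def not_expired(claims, now):
    # Assumption: a missing or zero "exp" means the token does not expire.
    return not claims.get("exp") or claims["exp"] > now

def bearer_only_active(claims, now):
    """Behaviour described in the report: type != "Bearer" is always rejected."""
    return claims.get("typ") == "Bearer" and not_expired(claims, now)

# Assumed mapping from token_type_hint to the acceptable "typ" values.
ALLOWED = {"access_token": {"Bearer"}, "refresh_token": {"Refresh", "Offline"}}

def type_aware_active(claims, hint, now):
    """Hypothetical corrected check: the expected type depends on the hint."""
    return claims.get("typ") in ALLOWED.get(hint, set()) and not_expired(claims, now)

def triage(token, hint, now=None):
    """Return the token type, the Bearer-only verdict and the hint-aware verdict."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    return {"typ": claims.get("typ"),
            "reported": bearer_only_active(claims, now),
            "expected": type_aware_active(claims, hint, now)}

NOW = 1_700_000_000  # fixed clock for the constructed samples below
SAMPLES = {
    "access":  make_token({"typ": "Bearer",  "exp": NOW + 300}),
    "refresh": make_token({"typ": "Refresh", "exp": NOW + 1800}),
    "offline": make_token({"typ": "Offline", "exp": 0}),
    "stale":   make_token({"typ": "Refresh", "exp": NOW - 60}),
}

if __name__ == "__main__":
    for name, tok in SAMPLES.items():
        hint = "access_token" if name == "access" else "refresh_token"
        print(name, triage(tok, hint, NOW))
```

A token where "reported" is False and "expected" is True matches the symptom in this issue; one where both are False is simply no longer valid.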

          People

            Unassigned Unassigned
            rhn-support-hokuda Hisanobu Okuda