[Hawkular-dev] Keycloak Authorization Tokens
Juraci Paixão Kröhling
jpkroehling at redhat.com
Tue Aug 18 04:20:17 EDT 2015
Artur,
See inline.
On 08/17/2015 08:37 PM, Artur Dryomov wrote:
> Am I right?
Yes.
> Is this a proper behaviour?
Depends on what is deemed as "proper". It's the current behavior, yes.
> Can it be avoided without reconfiguring Keycloak?
No. Even if the refresh token is configured to not expire, it will
expire should the user perform a logout. In other words: every refresh
token needs an active user session, otherwise it's understood that it
has expired.
We have a JIRA to track this on Hawkular side:
https://issues.jboss.org/browse/HAWKULAR-259
Based on conversations I had with Stian (from the Keycloak team), the
required support on Keycloak side should be there in 1.5, to be released
in a couple of months.
> Who are we in this world?
That's a difficult one and I'll let other more experienced people answer it.
- Juca.
More information about the hawkular-dev
mailing list