[keycloak-dev] Offline tokens
Marek Posolda
mposolda at redhat.com
Mon Aug 31 09:06:48 EDT 2015
Actually the KEYCLOAK_IDENTITY cookie is persistent just for the configured
idle timeout (like 30 minutes). But for the offline token, I imagine we
want to support the scenario when the user authenticates to his application
after a week of inactivity or so.
Here I meant the cookie will be on the application side, not on the KC
side. When the user opens his browser and goes to
http://localhost:8080/customer-portal, the application (adapter) side
will read the offline token from the persistent cookie and then log in
the user based on that.
Marek
On 21/08/15 14:50, Bill Burke wrote:
>
> On 8/21/2015 8:09 AM, Marek Posolda wrote:
>> - Actually, for the frontend adapters (both server and keycloak.js) I
>> am thinking about adding the persistent cookie, which will be put on the
>> application after successful login and is valid for the same time as
>> the offline token (so a couple of months). When the browser is opened next
>> time, the adapter will find the cookie and send the validation request
>> to KC to check if the offline token is still valid. This will allow the
>> browser application to be logged in with the same offline token for a couple
>> of months.
>>
> I don't understand why you need an offline token for browser
> applications. We already support persistent cookies.
>