[keycloak-dev] we do not support offline tokens

Pedro Igor Silva psilva at redhat.com
Wed Mar 14 12:46:27 EDT 2018


I think facebook, kube and openshift have different requirements. They can
use persistent tokens because they have complete control over their
lifetime and they are targeted to be used within their environments.

Facebook in particular acts as both AS and resource server.

On Wed, Mar 14, 2018 at 1:02 PM, Bill Burke <bburke at redhat.com> wrote:

> On Wed, Mar 14, 2018 at 10:55 AM, Schuster Sebastian (INST/ESY1)
> <Sebastian.Schuster at bosch-si.com> wrote:
> > I always thought an offline token is a long-living refresh token...
> >
> > Best regards,
> > Sebastian
> >
>
> Yes, that's how OIDC thinks of offline tokens and how we've
> implemented it.  But facebook, kubernetes, openshift have the concept
> of a persistent token that can be used in bearer requests.
>
> Bill
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>


More information about the keycloak-dev mailing list