<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">How about protocolMappers? If there
were no changes to user, the refreshToken endpoint won't call
protocolMappers but just use user data from previously saved
cached token from userSession?<br>
<br>
Marek<br>
<br>
<br>
On 02/12/15 19:25, Stian Thorgersen wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAeKm3Z3cQiQsc-y4GDu+DqWZRRGijH7yS4Rrfzn5dN6_w@mail.gmail.com"
type="cite">
<div dir="ltr">We don't replicate the session. It's a distributed
cache so it's fetched internally from the correct node.
<div><br>
</div>
<div>For refresh token maybe we could update the user session
for a user that they need to be checked against the user
changes? </div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 2 December 2015 at 18:58, Bill Burke
<span dir="ltr"><<a moz-do-not-send="true"
href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><span
class=""><br>
<br>
On 12/2/2015 12:54 PM, Bill Burke wrote:<br>
><br>
><br>
> On 12/2/2015 12:46 PM, Stian Thorgersen wrote:<br>
>> Wonder if we could do something similar with code
2 token. Could we not<br>
>> set a cookie there as well? Then at most there
would be two nodes for<br>
>> one user.<br>
>><br>
>> Alternative is to update code 2 token so it
doesn't require the user<br>
>> model. That would be more elegant. We could do
that by making sure user<br>
>> sessions are updated when required if user model
changes.<br>
>><br>
><br>
> You could optimistically create the token and store
it within the client<br>
> session. But then your overhead is in replication?
Then again is<br>
> replicating a few kilobytes that big of a deal?<br>
><br>
<br>
</span>Answering my own question...It probabbly isn't a big
deal as you are<br>
already replicating the client session anyways.<br>
<br>
Doesn't help refresh token though. Refresh token needs to
verify the<br>
user is still enabled.<br>
<span class=""><br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a moz-do-not-send="true"
href="http://bill.burkecentral.com" rel="noreferrer"
target="_blank">http://bill.burkecentral.com</a><br>
</span><span class="">_______________________________________________<br>
keycloak-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
</span><a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</blockquote>
<br>
</body>
</html>