[keycloak-user] Bearer Only Application and refresh token
bburke at redhat.com
Mon Nov 10 10:51:32 EST 2014
On 11/10/2014 9:48 AM, Davide Ungari wrote:
> following some of your suggestions I designed an application composed of a:
> 1- frontend web application
> 2- backend REST API
> The frontend has a servlet-proxy to the backend REST API to avoid cross
> domain problems.
Take a look at the CORS spec and also Keycloak's support for it. You
don't need a servlet proxy.
> The backend has a bearer-only configuration.
> Everything is working until the token does not expire, I tried to force
> refresh when I receive 401 status but it does not work.
Do you mean everything works until the token expires?
> What is supposed to be done every time the access token expires?
Whoever obtained the access token is responsible for refreshing it. If
keycloak.js library which will handle refreshing tokens. Combine this
with CORS if you need to invoke backend REST services that are on
another domain. There are a few examples in the distro that show how to
JBoss, a division of Red Hat
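
The division of work described in the reply above (the party that obtained the token refreshes it, the bearer-only backend only answers 401), as an added example that is not part of the original message or of Keycloak's code. `makeApiClient`, `refreshFn` and `fetchFn` are hypothetical names, and the tokens are constructed samples; in a browser, keycloak.js would take the place of the refresh step.

```javascript
// Added example, not Keycloak code. refreshFn and fetchFn are hypothetical:
// refreshFn stands in for the token refresh (keycloak.js in a browser),
// fetchFn for the HTTP call to the bearer-only backend.
// Read exp from the JWT payload without verifying it. The client only needs it
// to schedule a refresh; validating the token is the backend's job.
function secondsLeft(token, nowSec) {
  const payload = JSON.parse(Buffer.from(token.split('.')[1], 'base64').toString());
  return payload.exp - nowSec;
}

// Refresh shortly before expiry, and retry once if the backend still says 401.
function makeApiClient({ token, refreshFn, fetchFn, minValidity = 30,
                         now = () => Math.floor(Date.now() / 1000) }) {
  let current = token;
  const send = (url) =>
    fetchFn(url, { headers: { Authorization: 'Bearer ' + current } });
  async function call(url) {
    if (secondsLeft(current, now()) < minValidity) current = await refreshFn();
    let res = await send(url);
    if (res.status === 401) { // rejected anyway, e.g. clock skew between hosts
      current = await refreshFn();
      res = await send(url);
    }
    return res;
  }
  return { call };
}

// Constructed, unsigned sample token carrying only an exp claim.
function fakeJwt(exp) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64');
  return [b64({ alg: 'none' }), b64({ exp }), ''].join('.');
}

// Constructed scenario: token has 5 s left, backend accepts only the fresh one.
async function demo() {
  const nowSec = 1000, log = [], fresh = fakeJwt(nowSec + 300);
  const client = makeApiClient({
    token: fakeJwt(nowSec + 5), now: () => nowSec,
    refreshFn: async () => { log.push('refresh'); return fresh; },
    fetchFn: async (url, opts) => {
      const ok = opts.headers.Authorization === 'Bearer ' + fresh;
      log.push(ok ? '200' : '401');
      return { status: ok ? 200 : 401 };
    },
  });
  return { status: (await client.call('/api/items')).status, log };
}
demo().then((r) => console.log(r));
```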