[keycloak-user] How to know when to get a refreshed bearer token

Hubert Przybysz h.p.przybysz at gmail.com
Wed Jan 7 17:25:28 EST 2015


Thanks for the heads-up. I'll take a closer look at the javascript adapter.

FYI, I've found the k_query_bearer_token request quite useful for a web app
that uses a mix of server-side and javascript components.

On Wed, Jan 7, 2015 at 4:00 PM, Bill Burke <bburke at redhat.com> wrote:

> You probably should not be using the k_query_bearer_token request.  I'm
> thinking of removing it because it is vulnerable to CSRF attacks. Instead
> use keycloak.js for javascript apps.
>
> On 1/7/2015 9:29 AM, Hubert Przybysz wrote:
>
>> The token is indeed updated automatically when it is requested. I was
>> rather wondering if there was a way to not have to request it prior to
>> each AJAX request. Currently, since the application does not know when
>> the token expires, it has to either get it prior to each AJAX request,
>> or try to use a possibly stale token and request it again when it gets a
>> 401 from the REST service. It would be nice to get information about
>> token expiry together with the token in response to k_query_bearer_token
>> request.
>>
>> On Wed, Jan 7, 2015 at 3:11 PM, Bill Burke <bburke at redhat.com> wrote:
>>
>>     IIRC, if you're using the correct APIs (in Javascript or on the server
>>     side), the token will be automatically updated for you when you
>>     request it.
>>
>>     On 1/7/2015 4:06 AM, Hubert Przybysz wrote:
>>      > Hi,
>>      >
>>      > My jee web application uses its bearer token when issuing AJAX requests
>>      > to other REST services within the realm (but at different origins). It
>>      > does it by reading the exposed bearer token prior to making an AJAX
>>      > request. Is there a mechanism by which the application may find out when
>>      > the bearer token is refreshed, to make it possible to read the bearer
>>      > token only when needed?
>>      >
>>      > Br / Hubert.
>>      >
>>      >
>>      > _______________________________________________
>>      > keycloak-user mailing list
>>      > keycloak-user at lists.jboss.org
>>      > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>      >
>>
>>     --
>>     Bill Burke
>>     JBoss, a division of Red Hat
>>     http://bill.burkecentral.com
>>
>>
>>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
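The two options discussed in the thread (fetch the token before every AJAX request, or use a possibly stale token and retry on 401) can be combined by reading the expiry from the token itself. The sketch below is an added example, not code from the thread or from Keycloak: it assumes the bearer token is a compact JWT carrying an `exp` claim, and `fetchToken`, `send`, `makeTokenSource` and `callWithToken` are hypothetical names for however the application obtains a fresh token and issues its request.

```javascript
// Added example: the token is constructed; fetchToken/send are hypothetical callbacks.
function b64urlDecode(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return typeof atob === 'function'
    ? atob(padded)
    : Buffer.from(padded, 'base64').toString('binary');
}

// Seconds of validity left, read from the (unverified) exp claim.
// Only for scheduling refreshes; the REST service still validates the token.
function secondsUntilExpiry(token, nowSec) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const claims = JSON.parse(b64urlDecode(parts[1]));
  if (typeof claims.exp !== 'number') throw new Error('token has no exp claim');
  return claims.exp - nowSec;
}

// Returns getToken(force): reuses the cached token until it is within
// minValiditySec of expiry, then asks fetchToken() for a new one.
function makeTokenSource(fetchToken, minValiditySec, clock) {
  let cached = null;
  return async function getToken(force) {
    if (force || cached === null ||
        secondsUntilExpiry(cached, clock()) < minValiditySec) {
      cached = await fetchToken();
    }
    return cached;
  };
}

// Sends once; on a 401 forces one refresh and retries (covers clock skew or revocation).
async function callWithToken(getToken, send) {
  let status = await send(await getToken(false));
  if (status === 401) status = await send(await getToken(true));
  return status;
}

// Constructed sample token (fake signature) for running the example offline in Node.
function sampleToken(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256' }), enc({ exp }), 'constructed-signature'].join('.');
}
```

The 401 retry stays in place because the locally computed expiry depends on the client clock and cannot see server-side revocation.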