[keycloak-user] Clarification regarding Offline Token
Marek Posolda
mposolda at redhat.com
Thu Nov 12 03:24:09 EST 2015
You can use that in browser application with authorization_code too.
That's not a problem.
For refresh_token you can't at this point. The offline token itself is
special kind of refresh token (It's refresh token which never expires).
So if you send refresh request with offline token, you will
automatically receive new offline token. Otherwise if you send refresh
request with "classic" refresh token, you will receive another classic
refresh token. I suggest to look at documentation
http://keycloak.github.io/docs/userguide/keycloak-server/html/timeouts.html#offline-access
and try the example (referenced from documentation). The example is
browser application and it uses authorization_code .
Marek
On 11/11/15 19:19, robinfernandes . wrote:
> Hi All,
>
> Just wanted a clarification regarding generation of offline tokens.
>
> 1. Can we use the *grant_type = authorization_code* or*grant_type =
> refresh_token* to get the offline tokens? Or is it only available for
> grant_type = password & grant_type = client_credentials?
>
> 2. Is there a way to give offline token to a particular user without
> using direct access grants?
>
> Thanks,
> Robin
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151112/46a26e0c/attachment.html
More information about the keycloak-user
mailing list