[keycloak-user] Refresh token - should it expire?
sthorger at redhat.com
Wed Oct 14 00:46:54 EDT 2015
Yes, clients and users have to have permissions to use offline tokens.
Further the client has to explicitly request offline tokens using a scope
On 13 October 2015 at 20:34, Scott Rossillo <srossillo at smartling.com> wrote:
> Will the option to create an offline token be client specific? For
> example, client A should follow realm-wide expirations but client B should
> be able to issue offline refresh tokens.
> Scott Rossillo
> Smartling | Senior Software Engineer
> srossillo at smartling.com
> [image: Powered by Sigstr] <http://www.sigstr.com/>
> On Aug 18, 2015, at 7:14 AM, Juraci Paixão Kröhling <juraci at kroehling.de>
> Sounds good, thanks!
> - Juca.
> On 08/18/2015 12:52 PM, Stian Thorgersen wrote:
> We still aim to get this included in 1.5, which is scheduled for early
> September. It may slip to 1.6 which is scheduled for early October.
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the keycloak-user