[keycloak-user] web and mobile behavior with logout/pw change

Seann Ives sives at paintnite.com
Wed Mar 16 16:22:19 EDT 2016


Following up my own post, a similar enough question was posted a few years
ago here:
http://lists.jboss.org/pipermail/keycloak-user/2014-November/001145.html
which resulted in the creation of the jira issue here:
https://issues.jboss.org/browse/KEYCLOAK-825

What was the outcome of that jira ticket?  I signed up to the jboss dev
community in hopes I could check on my own but it appears I don't have
perms.

Thanks!
Seann


On Mon, Mar 14, 2016 at 10:40 AM, Seann Ives <sives at paintnite.com> wrote:

> Hello,
>
> Our web application has a standard keycloak integration.  Our mobile app
> is currently using keycloak direct access grants.  I've got a few questions
> about expected behavior when a user has overlapping usage of both web and
> mobile which I'm hoping someone here can kindly answer.
>
> 1. A user logs in to the mobile app and gets a JWT and a refresh token.
> The user then logs in to the web app (via KC) and then logs out of the web
> app (via KC).  Should the mobile refresh token then be able to successfully
> refresh the mobile JWT access token against KC, or does the web logout
> 'invalidate' the mobile refresh token?
>
> 2. Similar scenario but the web user changes their password instead of
> logging out:
> A user logs in to the mobile app and gets a JWT and a refresh token.  The
> user then logs in to the web app and then changes their password (through
> KC).  Should the mobile refresh token (created with the old password) then
> be able to successfully refresh the mobile JWT access token, or does the
> web logout 'invalidate' the mobile refresh token?
>
>
> Would the behavior in either of those cases be different if our mobile app
> used a webview redirecting to the KC server instead of using direct access
> grants?
>
> Thanks very much!
> Seann Ives
>
>