[keycloak-user] How to authenticate using offline refresh_token

Marko Strukelj mstrukel at redhat.com
Tue Apr 4 13:10:32 EDT 2017


Maybe try:

Authorization: Bearer {access_token}

(uppercase Bearer)


On Apr 4, 2017 18:41, "Mariusz Chruscielewski - Info.nl" <mariusz at info.nl>
wrote:

Hi,

We are using the scope=offline_token param to get a refresh_token that is valid
for a long time, then we make this call:

grant_type=refresh_token&client_id=xxxx&scope=offline_access&refresh_token={refresh_token}

to get an access_token, and that call returns an access_token with status 200.
The next step is to call our custom REST endpoint using the Authorization header:

Authorization: bearer {access_token}

But in Keycloak itself, when we try to check if the token is valid:

private final AuthenticationManager.AuthResult auth;

public EntitlementResourceProvider(KeycloakSession session, String abosUrl,
        String abosUsername, String abosPassword) {
    this.session = session;
    this.auth = new AppAuthManager().authenticateBearerToken(session,
            session.realms().getRealm(Constants.XXXXXXX));
}

this.auth is null. When I was debugging this, I found that Keycloak
reports: Token invalid. How can it be invalid, if it was just issued?

What is even more interesting, this works between the first login using
credentials and the time configured as SSO Session Idle (so in our case for 30
minutes).

I understand that the session is closed after some idle time, but if we have
a valid refresh_token, and we get a new access_token, why doesn't it validate?
Am I using the wrong method?


Kind Regards,

Mariusz Chruścielewski

software engineer

mariusz at info.nl  |  LinkedIn <https://www.linkedin.com/in/mariusz-chruscielewski>  |  +31 (0)20 530 9113

info.nl <http://www.info.nl>

Sint Antoniesbreestraat 16  |  1011 HB Amsterdam  |  +31 (0)20 530 9100
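
Added example, not part of the thread and not Keycloak's own code: RFC 7235 defines the authentication scheme name as case-insensitive, so whether "bearer" versus "Bearer" matters depends on how the server parses the header. The sketch below puts a strict parser beside a tolerant one; the class name, method names and sample header values are hypothetical.

```java
import java.util.Optional;

// Added example; class and method names are hypothetical, not Keycloak APIs.
public class BearerHeader {

    // Strict form: only the exact spelling "Bearer " is accepted, so a
    // client sending "bearer <token>" is treated as unauthenticated.
    static Optional<String> parseStrict(String header) {
        if (header == null || !header.startsWith("Bearer ")) {
            return Optional.empty();
        }
        String token = header.substring(7).trim();
        return token.isEmpty() ? Optional.empty() : Optional.of(token);
    }

    // Tolerant form: the scheme is compared case-insensitively (RFC 7235);
    // the token itself is only trimmed, never otherwise altered.
    static Optional<String> parseTolerant(String header) {
        if (header == null) {
            return Optional.empty();
        }
        String[] parts = header.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Bearer")) {
            return Optional.empty();
        }
        String token = parts[1].trim();
        // A bearer token contains no whitespace; reject anything that does.
        if (token.isEmpty() || token.chars().anyMatch(Character::isWhitespace)) {
            return Optional.empty();
        }
        return Optional.of(token);
    }

    public static void main(String[] args) {
        // Constructed samples; "abc.def.ghi" stands in for an access token.
        String[] samples = {
            "Bearer abc.def.ghi", "bearer abc.def.ghi", "BEARER   abc.def.ghi",
            "Basic dXNlcjpwdw==", "Bearer", "Bearer abc def", null
        };
        for (String h : samples) {
            System.out.printf("%-24s strict=%-24s tolerant=%s%n",
                    h, parseStrict(h), parseTolerant(h));
        }
    }
}
```

If both parsers return the same token for the header a client actually sends, the scheme's case is not what causes the rejection.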

