[keycloak-user] Client setup recommandation

David Delbecq david_delbecq at trimble.com
Mon Feb 6 06:01:55 EST 2017 

Could you elaborate on why this is a bad idea? This seems to be dedicated
to the kind of request if have, getting a refresh token valid for a long
period, while keeping regular client with shorter refresh token.



On Fri, Feb 3, 2017 at 9:35 AM Stian Thorgersen <sthorger at redhat.com> wrote:

> It's all controlled by the session and there are no way to get tokens that
> work for longer. Issuing offline tokens to a web application would be a
> really bad idea. If you want users to remain authenticated set the idle to
> a higher value. That's it.
>
> On 25 January 2017 at 15:09, David Delbecq <david_delbecq at trimble.com>
> wrote:
>
> Hello,
>
> we have a javascript web application we are migrating to keycloak. I am not
> sue what are the recommandations on setting up configuration for that
> client with the following requirement:
>
> Once user triggers the "login" and gets keycloak authenticated, we should
> get a bearer token to use later on REST services.
> The user should not be requested again to login, unless he logs out. Even
> if he closes his browser. So we need a way to keep or replace token on a
> regular basis. Is there some keycloak REST service we can poll on a regular
> basis for this?
> Sometimes the user goes "off grid" (no network communication) for several
> hours. How can we ensure we still keep logged in?
>
> My first idea was to just increase the SSO timeout and token validity to 30
> days. But it seems like a bad idea from my reading of keycloak
> documentation. So i tried to use an offline token instead, but it seems the
> implicit flow doesn't allow you to get an offline token. All token i get
> after login are marked as expiring within 15 minutes.
>
> What's the recommended way to get long lived refresh token, using implicit
> flow?
>
> --
> <http://www.trimble.com/>
>
>
> David Delbecq
> Software engineer, Transport & Logistics
> Geldenaaksebaan 329, 1st floor | 3001 Leuven
>
> +32 16 391 121 <+32%2016%20391%20121> Direct
> david.delbecq at trimbletl.com
> <http://www.trimbletl.com/>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> --
<http://www.trimble.com/>
David Delbecq
Software engineer, Transport & Logistics
Geldenaaksebaan 329, 1st floor | 3001 Leuven
+32 16 391 121 <+32%2016%20391%20121> Direct
david.delbecq at trimbletl.com
<http://www.trimbletl.com/>

More information about the keycloak-user mailing list