[keycloak-user] Client setup recommendation

David Delbecq david_delbecq at trimble.com
Wed Jan 25 09:09:59 EST 2017


Hello,

We have a JavaScript web application we are migrating to Keycloak. I am not
sure what the recommendations are on setting up the configuration for that
client with the following requirements:

- Once user triggers the "login" and gets keycloak authenticated, we should
  get a bearer token to use later on REST services.
- The user should not be requested again to login, unless he logs out. Even
  if he closes his browser. So we need a way to keep or replace token on a
  regular basis. Is there some keycloak REST service we can poll on a regular
  basis for this?
- Sometimes the user goes "off grid" (no network communication) for several
  hours. How can we ensure we still keep logged in?

My first idea was to just increase the SSO timeout and token validity to 30
days. But it seems like a bad idea from my reading of the Keycloak
documentation. So I tried to use an offline token instead, but it seems the
implicit flow doesn't allow you to get an offline token. All tokens I get
after login are marked as expiring within 15 minutes.

What's the recommended way to get a long-lived refresh token, using implicit
flow?
-- 
<http://www.trimble.com/>
David Delbecq
Software engineer, Transport & Logistics
Geldenaaksebaan 329, 1st floor | 3001 Leuven
+32 16 391 121 Direct
david.delbecq at trimbletl.com
<http://www.trimbletl.com/>
