[keycloak-user] AdapterTokenStore: automatic refresh token

Antoine Carton antoine at saagie.com
Thu Jul 6 08:55:29 EDT 2017


Hello,

I have implemented an org.keycloak.adapters.AdapterTokenStore, like the
existing ones, for example:

- org.keycloak.adapters.jetty.core.JettyCookieTokenStore (from
keycloak-jetty-core 3.1.0.Final)
- org.keycloak.adapters.jetty.core.JettySessionTokenStore (from
keycloak-jetty-core 3.1.0.Final)

The purpose is that these AdapterTokenStores refresh the current access
token with the refreshToken they have stored, and then update the
org.keycloak.adapters.RefreshableKeycloakSecurityContext (see
refreshExpiredToken() of this context) with a new token.

All of this is triggered thanks to the checkCurrentToken, called in
org.keycloak.adapters.jetty.core.AbstractKeycloakJettyAuthenticator.

The trouble is that the current "Authorization" header of the Request
object is not updated with the new token.

Therefore, even if the security context has a new token, the current
request failed because of the old token that is still in the Authorization
header (the check is done in
BearerTokenRequestAuthenticator.authenticate(HttpFacade exchange)).

Any idea how to solve this issue? Does it mean the request must be done
twice even if the token is refreshed?
Otherwise, the alternative I see is to have a proxy that will be in charge
of refreshing the token by modifying the request header.

Thanks!

