[keycloak-user] How to silently getting a new access token on Implicit Flow
Marcel van Tongeren
mvtongeren at link2control.nl
Fri Oct 6 04:26:24 EDT 2017
Hi,
I am working on an Aurelia SPA with Keycloak as the identity server.
Since it is a web client, I'm using the Implicit variant of the OpenId Connect authorization flow.
Authentication works fine, but I'm having a problem with getting a new access token, without interupting the workflow of the user.
The documentation states that I can't use UpdateToken (because there is no refresh token in Implicit flow) and that I should redirect to the login page instead.
Currently, I'm calling keycloak.login({prompt:'none'}) to do the redirect, but the problem is that you will lose all the data that the user entered on the current page, because it has the same effect as a full page refresh.
Now, I had the impression that the hidden IFrame was supposed the handle this, but I get the feeling that it is not much help when using the Implicit flow...?
There is plenty of documentation about initial authentication, but I couldn't find anything about 'refreshing' the access token when using the Implicit flow.
Is there another way to do the redirect, maybe from the IFrame, so it is all handled behind the scenes?
Btw, at first the IFrame wasn't created at all, because Aurelia fully replaces its root element, which happens to be the body element by default.
After I configured Aurelia's root element to be a child div of the body element, the IFrame seems to be created correctly.
Best regards,
Marcel
More information about the keycloak-user
mailing list