[keycloak-user] Auto Refresh of external IDP tokens

Carlos Feria carlosthe19916 at gmail.com
Tue Feb 13 17:16:09 EST 2018


Hi All. I'm facing a problem trying to retrieve an external IDP token from
Google using the Broker configuration.

This is the context: I have a Keycloak offline_token for every user of my
application, then I use these offline_tokens to retrieve the external IDP
token (Google) by calling:

GET /auth/realms/{realm}/broker/{provider_alias}/token
Authorization: Bearer {keycloak_access_token}

The HTTP GET returns an access token and I use that access token to get
information from Google. The problem is that the access token retrieved has
an expiration of 1 hour and after that I'm not able to call Google any
more.

After reading the documentation I found this part:

http://www.keycloak.org/docs/latest/server_development/index.html#retrieving-external-idp-tokens

That part said: "These external tokens can be re-established by either
logging in again through the provider, or using the client initiated
account linking API."

Does it mean that I have to force the user to log in again and again every
time I find that the external token has expired? Is it possible to
re-establish the external IDP token without the intervention of the user?

This doesn't seem to be a big problem, but because in my case I have
Keycloak offline_tokens I can't re-establish the external IDP token. How
would I face this problem?

-- 
Carlos E. Feria Vila
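
The flow described in the message above (offline token, then Keycloak access token, then the broker token endpoint), as an added example that is not part of the original post or Keycloak's own code. The host, realm, client and token values are constructed placeholders; it assumes a public client and that the broker endpoint answers with JSON for this provider.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

BASE = "https://keycloak.example.test/auth"  # placeholder host (assumption)


def http_send(req):
    """Default transport: returns (status, body bytes), also for 4xx/5xx."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def _json_or_fail(step, status, body):
    if status != 200:
        # Report only the status; response bodies are never written to logs
        # here because successful ones carry token material.
        raise RuntimeError(f"{step} failed with HTTP {status}")
    return json.loads(body)


def fetch_external_token(realm, client_id, offline_token, provider_alias,
                         send=http_send):
    """Offline token -> Keycloak access token -> stored external IDP token."""
    realm_url = f"{BASE}/realms/{urllib.parse.quote(realm, safe='')}"
    # Step 1: standard OAuth2 refresh grant at the realm token endpoint
    # (public client assumed; a confidential client also sends client_secret).
    form = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "refresh_token": offline_token,
    }).encode()
    step1 = urllib.request.Request(
        f"{realm_url}/protocol/openid-connect/token", data=form, method="POST")
    kc = _json_or_fail("refresh", *send(step1))
    # Step 2: the broker endpoint quoted in the post, called with the
    # short-lived Keycloak access token obtained in step 1.
    alias = urllib.parse.quote(provider_alias, safe="")
    step2 = urllib.request.Request(
        f"{realm_url}/broker/{alias}/token",
        headers={"Authorization": f"Bearer {kc['access_token']}"},
        method="GET")
    return _json_or_fail("broker token", *send(step2))
```

The `send` parameter is a hypothetical hook so the exchange can be exercised against canned responses without a live Keycloak server.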

