<div dir="ltr">What you're doing works just fine and is the only way available at the moment at least. It will have an impact on performance, both in terms of latency for request in your app and also additional load on the KC server. As long as you take that into consideration you should be fine.</div><div class="gmail_extra"><br><div class="gmail_quote">On 17 August 2016 at 17:30, Joe Thielen <span dir="ltr"><<a href="mailto:joe@joethielen.com" target="_blank">joe@joethielen.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div>Hello all. I am new to both Keycloak and OpenID Connect. Keycloak looks like a fantastic project and thanks to all who've put in work on it. <br><br></div>I love that Keycloak can be set up to save events (login/logout/etc...). I love that there is a way to administratively log out user sessions. All this is great. My question is, what is the proper procedure to update the session's "Last Access" if I want it to be updated on every page request by a user? In some cases I have strict application requirements where it's important to know exactly when the user last did something. So I can't just log them in and periodically do a refresh to keep the session going. I want to update the session every time the user does something (i.e., every page request or API request).<br><br></div>Maybe this is overkill for most applications. Like I said, I'm new to both Keycloak and OpenID Connect. I've figured out how to do the authorization flow, request user info, and logout. And I think I've figured out how to update the session in such a manner that it does update the last access time. However, I'm not sure I'm doing it correctly...<br><br></div>Here is an example using curl of what I've been doing to keep the last access time updated:<br><br>curl -s --data "grant_type=refresh_token&<wbr>client_id=CLIENTID&client_<wbr>secret=CLIENTSECRET&refresh_<wbr>token=REFRESHTOKEN" "<a href="https://HOSTNAME:8443/auth/realms/REALMNAME/protocol/openid-connect/token" target="_blank">https://HOSTNAME:8443/auth/<wbr>realms/REALMNAME/protocol/<wbr>openid-connect/token</a><br><br></div>Am I incorrectly using the refresh token here? In reading up on the flow, it seems like this should only be used periodically, like when the access_token expires.<br><br></div><div>A positive side effect of this is that on every single request I'm checking to ensure the session hasn't been administratively logged out.<br></div></div>
<br>______________________________<wbr>_________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>