<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Date: Thu, 18 Aug 2016 06:06:08 +0200<br>
From: Stian Thorgersen <<a href="mailto:sthorger@redhat.com">sthorger@redhat.com</a>><br>
Subject: Re: [keycloak-user] Newbie question about session last access<br>
time updating.<br>
To: Joe Thielen <<a href="mailto:joe@joethielen.com">joe@joethielen.com</a>><br>
Cc: keycloak-user <<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><wbr>><br>
Message-ID:<br>
<<a href="mailto:CAJgngAfH_JfS-YK85SCUfDkeabuJBGYPu-fEi8du1ZuPsDVz_g@mail.gmail.com">CAJgngAfH_JfS-<wbr>YK85SCUfDkeabuJBGYPu-<wbr>fEi8du1ZuPsDVz_g@mail.gmail.<wbr>com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
What you're doing works just fine and is the only way available at the<br>
moment at least. It will have an impact on performance, both in terms of<br>
latency for request in your app and also additional load on the KC server.<br>
As long as you take that into consideration you should be fine.<br>
<br>
On 17 August 2016 at 17:30, Joe Thielen <<a href="mailto:joe@joethielen.com">joe@joethielen.com</a>> wrote:<br>
<br>
> Hello all. I am new to both Keycloak and OpenID Connect. Keycloak looks<br>
> like a fantastic project and thanks to all who've put in work on it.<br>
><br>
> I love that Keycloak can be set up to save events (login/logout/etc...).<br>
> I love that there is a way to administratively log out user sessions. All<br>
> this is great. My question is, what is the proper procedure to update the<br>
> session's "Last Access" if I want it to be updated on every page request by<br>
> a user? In some cases I have strict application requirements where it's<br>
> important to know exactly when the user last did something. So I can't<br>
> just log them in and periodically do a refresh to keep the session going.<br>
> I want to update the session every time the user does something (i.e.,<br>
> every page request or API request).<br>
><br>
> Maybe this is overkill for most applications. Like I said, I'm new to<br>
> both Keycloak and OpenID Connect. I've figured out how to do the<br>
> authorization flow, request user info, and logout. And I think I've<br>
> figured out how to update the session in such a manner that it does update<br>
> the last access time. However, I'm not sure I'm doing it correctly...<br>
><br>
> Here is an example using curl of what I've been doing to keep the last<br>
> access time updated:<br>
><br>
> curl -s --data "grant_type=refresh_token&<wbr>client_id=CLIENTID&client_<br>
> secret=CLIENTSECRET&refresh_<wbr>token=REFRESHTOKEN" "<br>
> <a href="https://HOSTNAME:8443/auth/realms/REALMNAME/protocol/openid-connect/token" rel="noreferrer" target="_blank">https://HOSTNAME:8443/auth/<wbr>realms/REALMNAME/protocol/<wbr>openid-connect/token</a><br>
><br>
> Am I incorrectly using the refresh token here? In reading up on the flow,<br>
> it seems like this should only be used periodically, like when the<br>
> access_token expires.<br>
><br>
> A positive side effect of this is that on every single request I'm<br>
> checking to ensure the session hasn't been administratively logged out.<br>
><br>
> ______________________________<wbr>_________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-user</a><br>
><br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <a href="http://lists.jboss.org/pipermail/keycloak-user/attachments/20160818/956ac2dc/attachment-0001.html" rel="noreferrer" target="_blank">http://lists.jboss.org/<wbr>pipermail/keycloak-user/<wbr>attachments/20160818/956ac2dc/<wbr>attachment-0001.html</a><br></blockquote></div><br></div><div class="gmail_extra">Good to know, thank you Stian.<br></div></div>