Hey everybody,
As you might know I’m working on the Hawkular Android Client project [1].
If you tried to run the application you might have seen that we are using OAuth
to get access to Hawkular instances because basic auth is too barbaric.
For testing purposes I use the Docker container named jboss/hawkular-aio
[2] with Hawkular 1.0.0 Alpha 3.
Keycloak provides two types of auth tokens. First—a regular one, expires
after 5 minutes by default. Second—a refresh one, which is used to refresh
a regular one, expires after 30 minutes by default. The thing is, it seems
like Keycloak refreshes refresh tokens, i.e. refresh tokens can expire.
All tokens, including the refresh one of course, are refreshed in the
refresh procedure. In practice it means that if you don’t use the
application for an hour, for example, you are forced to relogin, because
you have no ability to refresh tokens. This sounds weird and personally I
would be pissed to relogin basically every time I use the application.
Am I right? Is this a proper behaviour? Can it be avoided without
reconfiguring Keycloak? Who are we in this world? These are the questions
:-)
Artur.
[1]: https://github.com/hawkular/hawkular-android-client
[2]: https://hub.docker.com/r/jboss/hawkular-aio/
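A small simulation of the token lifecycle as the post describes it, added here as an example (it is not code from the Hawkular Android client or from Keycloak). It assumes the quoted defaults of 5 minutes for the regular token and 30 minutes for the refresh token, and that a refresh token is retired once it has been used; `FakeKeycloak`, `Client` and `logins_needed` are constructed names.

```python
import secrets
from collections import namedtuple

# Lifetimes quoted in the post; assumed defaults, not read from a real server.
ACCESS_TTL = 5 * 60     # regular token: 5 minutes
REFRESH_TTL = 30 * 60   # refresh token: 30 minutes

# Token strings plus absolute expiry times in seconds.
TokenPair = namedtuple("TokenPair", "access refresh access_exp refresh_exp")

class FakeKeycloak:
    """Stand-in for the token endpoint; models the rotation the post describes."""
    def __init__(self):
        self._live_refresh = {}  # refresh token -> expiry

    def login(self, now):
        pair = TokenPair(secrets.token_hex(8), secrets.token_hex(8),
                         now + ACCESS_TTL, now + REFRESH_TTL)
        self._live_refresh[pair.refresh] = pair.refresh_exp
        return pair

    def refresh(self, refresh_token, now):
        exp = self._live_refresh.pop(refresh_token, None)  # assumed single use
        if exp is None or now >= exp:
            return None  # expired or unknown: caller must log in again
        return self.login(now)  # both tokens renewed, refresh window slides

class Client:
    def __init__(self, server):
        self.server, self.tokens, self.logins = server, None, 0

    def get_access_token(self, now):
        """Return a usable access token, refreshing or re-logging in as needed."""
        if self.tokens and now < self.tokens.access_exp:
            return self.tokens.access
        renewed = self.server.refresh(self.tokens.refresh, now) if self.tokens else None
        if renewed is None:
            renewed = self.server.login(now)
            self.logins += 1
        self.tokens = renewed
        return renewed.access

def logins_needed(idle_gaps):
    """Use the app at t=0, then once after each idle gap (seconds); count logins."""
    client, now = Client(FakeKeycloak()), 0
    client.get_access_token(now)
    for gap in idle_gaps:
        now += gap
        client.get_access_token(now)
    return client.logins
```

With these numbers, using the app at least once every 30 minutes keeps the session alive indefinitely, while a single gap of an hour forces the relogin the post complains about.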