[keycloak-dev] Smaller RefreshTokens?

Saturday, 6 April 2019

Hello,

the refresh tokens which are currently issued by Keycloak contain standard
JWT claims and references to the Keycloak session. Additionally they also
contain realm roles and client role information together with the used
scope.

I'm wondering whether roles and scope information is required for refresh
tokens or could even be removed?

Cheers,
Thomas

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[keycloak-dev] Smaller RefreshTokens?