If you asked me, I think providing the expiration date in the JSON response (i.e. the second choice in your list) makes it clear that refresh tokens do expire, and it's easier on the client side for dealing with refresh tokens (no need to decode tokens etc…).
++
Corinne
On 15 Oct 2014, at 17:35, Bill Burke <bburke(a)redhat.com> wrote:

There's a few things we could do:
* Expand the public realm REST interface to include information about timeouts
* OAuth already requires that the access token response JSON document contains an access token timeout; we could include the refresh timeout too.
* Then again, you could just decode the refresh token :)

On 10/15/2014 11:20 AM, Corinne Krych wrote:
> Hello Keycloak
>
> Today I ran into an issue [1] related to the fact that in Keycloak server, refresh tokens are:
> - renewed after each refresh token request, as described in the second paragraph here http://tools.ietf.org/html/rfc6749#section-10.4,
> - expirable, which is more of a surprise to me (nothing like that in the OAuth2 spec).
>
> So for the iOS SDK we’ll need to adjust our logic in here [2] and cater to the fact that if the refresh token is expired we’ll need to go through the grant popup again.
> To get the refresh token expiration date, one way is to ask to renew the refresh token and hit a 400, “Refresh token expired”, or to decode the refresh token as done in keycloak.js [3].
>
> Thanks @mposolda for the links.
>
> @summers @passos: I guess it’s something you’ll need to consider too for the Android SDK.
>
> ++
> Corinne
> ——————
> AeroGear iOS tech lead
>
> [1] https://issues.jboss.org/browse/AGIOS-294
> [2] https://github.com/aerogear/aerogear-ios-oauth2/blob/master/AeroGearOAuth...
> [3] https://github.com/keycloak/keycloak/blob/master/integration/js/src/main/..., https://github.com/keycloak/keycloak/blob/master/integration/js/src/main/...
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
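
Added example, not part of the original thread and not Keycloak or AeroGear code: the "decode the refresh token" option discussed above, used to choose between using the access token, refreshing, or going back through the grant. It assumes the tokens are JWTs with a standard numeric `exp` claim; the `accessToken`/`refreshToken` field names and the sample tokens are constructed for illustration.

```javascript
// Added example. Assumes tokens are JWTs carrying a numeric `exp` claim (seconds).
// The accessToken/refreshToken field names are hypothetical.

// Decode a JWT payload WITHOUT verifying the signature. The result is only a
// scheduling hint for the client; it must never be used for authorization.
// Returns null for opaque or malformed tokens.
function decodeClaims(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/'); // base64url -> base64
    const claims = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return claims !== null && typeof claims === 'object' ? claims : null;
  } catch (e) {
    return null;
  }
}

// True when `exp` is known and falls at or before now + skew.
// Unknown expiry (opaque token, no exp) returns false: the server decides.
function isExpired(token, nowSec, skewSec = 30) {
  const claims = decodeClaims(token);
  if (!claims || typeof claims.exp !== 'number') return false;
  return claims.exp <= nowSec + skewSec;
}

// Next step for a client holding { accessToken, refreshToken }.
function nextStep(tokens, nowSec) {
  if (!isExpired(tokens.accessToken, nowSec)) return 'use-access-token';
  if (!tokens.refreshToken) return 'authorization-grant';
  if (isExpired(tokens.refreshToken, nowSec)) return 'authorization-grant';
  return 'refresh';
}

// Build a constructed, unsigned sample token for the demo below.
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc(claims)}.sig`;
}

const now = 1413387300; // constructed timestamp
const sample = {
  accessToken: makeToken({ exp: now - 60 }),    // already expired
  refreshToken: makeToken({ exp: now + 1800 }), // still valid
};
console.log(nextStep(sample, now));
```

Even with this check, a refresh request can still come back as a 400, so that path has to lead to the grant as well, and each successful refresh must store the newly issued refresh token.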