[keycloak-dev] Refresh token expires too

Hello Keycloak Today I run into an issue [1] related to the fact that in Keycloak server, refresh tokens are: - renewed after each refresh token request. as described in second paragraph here http://tools.ietf.org/html/rfc6749#section-10.4, - expirable, which is more a surprise to me. (nothing like that in oauth2 spec) So for iOS sdk we’ll need to adjust our logic in here [2] and cater to the fact that if refresh token is expired we’ll need to go through grant ptopup again. To get refresh token expriation date one way is ask to renew refresh and hit a 400, "Refresh token expired” or decode refresh token as done in key cloak.js [3]. Thanks @mposolda for the links. @summers @passos: I guess it’s something you’ll need to consider too for Android sdk. ++ Corinne —————— AeroGear iOS tech lead [1] https://issues.jboss.org/browse/AGIOS-294 [2] https://github.com/aerogear/aerogear-ios-oauth2/blob/master/AeroGearOAuth... [3] https://github.com/keycloak/keycloak/blob/master/integration/js/src/main/..., https://github.com/keycloak/keycloak/blob/master/integration/js/src/main/...