On 8/21/2015 8:50 AM, Bill Burke wrote:
On 8/21/2015 8:09 AM, Marek Posolda wrote:
> - Actually, for the frontend adapters (both server and keycloak.js) I
> am thinking about adding the persistent cookie, which will be put on the
> application after successful login and is valid for the same time as
> the offline token (so a couple of months). When the browser is opened next
> time, the adapter will find the cookie and send the validation request
> to KC to check if the offline token is still valid. This will allow the
> browser application to be logged in with the same offline token for a couple
> of months.
>
I don't understand why you need an offline token for browser
applications. We already support persistent cookies.

IMO, but Stian disagreed IIRC, is that what would be needed would be a
persistent UserSessionModel/ClientSessionModel store. If an offline
token is requested, then the current UserSessionModel is cloned and
stored persistently and the client's access token/refresh token
references this cloned persistent UserSession/ClientSession. Then you
don't have to have any special UI in the admin console to manage offline
sessions. These sessions would just have a flag showing if they are
offline or not.

I just don't like the idea at all of creating a completely parallel and
redundant model that is a near duplicate of UserSession/ClientSession.

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com