Actually KEYCLOAK_IDENTITY cookie is persistent just for the configured
idle timeout (like 30 minutes). But for the offline token, I imagine we
want to support the scenario when user authenticates to his application
after a week of inactivity or so.
Here I meant the cookie will be on the application side, not on the KC
side. When user opens his browser and goes to
http://localhost:8080/customer-portal , the application (adapter) side
will read the offline token from the persistent cookie and then login
user based on that.
Marek
On 21/08/15 14:50, Bill Burke wrote:
On 8/21/2015 8:09 AM, Marek Posolda wrote:
> - Actually, for the frontend adapters (both server and keycloak.js ) I
> am thinking about adding the persistent cookie, which will be put on the
> application after successful login and is valid for the same time like
> the offline token (so couple of months). When browser is opened next
> time, the adapter will find the cookie and send the validation request
> to KC to check if offline token is still valid. This will allow the
> browser application to be logged with the same offline token for couple
> of months.
>
I don't understand why you need an offline token for browser
applications. We already support persistent cookies.