Re: [keycloak-dev] Clarification on Access Token and Refresh Token

From: "Bappaditya Gorai (bgorai)" <bgorai(a)cisco.com&gt; To: keycloak-dev(a)lists.jboss.org Sent: Friday, 19 September, 2014 8:53:04 AM Subject: [keycloak-dev] Clarification on Access Token and Refresh Token Hi Keycloak Dev Team, First of all congrats to you guys with your 1.0 Final release. We have an application configured in Keycloack as public client, which is accessed using a java client (httpclient). However we don’t see access_token coming out of Resource server. So for the next call to Resource server, my client need to repeat authorization steps all over again (If we don’t maintain session in client side , which is our requirement) . I understand for web client (web browser) session id is used by keycloak adapter to establish the authenticity of the client for consecutive resource access calls. 1. Is there any way to get the access_token in resource server response (may be as a cookie ) as resource server adapter is doing “code to token” ? So that successive call to resource server we can send the access_token . 2. Actually in my setup Resource Server/Application is behind load balancer. So session id may not be valid for different node. Is there any way to configure application/resource server so that a) Client can get back the access token. b) Refresh can also happen automatically. 3. As per my understanding, currently keycloak stores access token /refresh token etc in server http session. If there is way to persist access token /refresh token etc in data store so that a. Inactivity/session will not clear these data. (Can provide longevity) b. Resource Servers can use load balancer setup. Thanks Bappaditya Gorai _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev