The registration access token changes compared to POST request return at
/clients-registrations/openid-connect
even in case of health check GET response at /clients-registrations/[client_ID].
That is ok for now, the code calling
ClientRegistrationUtils.updateRegistrationAccessToken.
We found a way in our application to extract the changing registration
access token.
I agree though that having an option for keeping the registration access
token constant or supporting the last two as valid would be great.
On 04.01.2017 at 1:17 PM, "Stian Thorgersen" <sthorger(a)redhat.com> wrote:
For health checks do a get which doesn't change the registration access
token. Only updates do.
It's not possible to currently keep the registration access token, but we
should be able to add an option to do so. Supporting last two registration
access tokens might be a good compromise as that would allow retrying the
previous one in the event of a failure, but still allow detecting if the
token is leaked.
On 4 January 2017 at 13:03, Sven Thoms <sven.thoms(a)gmail.com> wrote:
> Hello
>
> For client registration health checks and subsequent request resiliency
> (what if answer with registration access token does not arrive), is it
> possible to keep the registration access token permanent and unchanging,
> once client is registered ?
>
> Regards
>
> Sven
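The "last two registration access tokens" compromise suggested in this thread, sketched as an added example; it is not part of the thread and not Keycloak code. The class `LastTwoTokens`, its methods and the choice to store SHA-256 hashes are assumptions made for illustration: an update with the current token rotates it, an update with the previous token is accepted as a retry after a lost response, and anything older is rejected, which is the signal that a stale or leaked copy is in use.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical model of the "last two tokens" idea; not Keycloak code.
public class LastTwoTokens {
    enum Result { CURRENT, PREVIOUS_RETRY, REJECTED }

    private final SecureRandom rng = new SecureRandom();
    private byte[] current;   // SHA-256 of the newest issued token
    private byte[] previous;  // SHA-256 of the token issued before it
    Result last;              // outcome of the most recent update()

    static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }
    private String issue() throws Exception {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        current = sha256(token);  // only the hash is kept server-side
        return token;
    }
    String register() throws Exception { previous = null; return issue(); }

    // An update rotates the token. Returns the new token, or null if rejected.
    String update(String presented) throws Exception {
        byte[] h = sha256(presented);
        if (current != null && MessageDigest.isEqual(h, current)) {
            last = Result.CURRENT;
            previous = current;            // old current stays valid for one retry
        } else if (previous != null && MessageDigest.isEqual(h, previous)) {
            last = Result.PREVIOUS_RETRY;  // response was lost: keep previous, replace current
        } else {
            last = Result.REJECTED;        // older than the last two: stale or leaked copy
            return null;
        }
        return issue();
    }

    public static void main(String[] args) throws Exception {
        LastTwoTokens c = new LastTwoTokens();
        String t1 = c.register();
        c.update(t1);                      // constructed scenario: this response is lost
        String t2b = c.update(t1);         // client retries with the token it still has
        System.out.println("retry with t1: " + c.last);
        c.update(t2b);
        System.out.println("update with new token: " + c.last);
        System.out.println("t1 reused later: " + (c.update(t1) == null ? c.last : "accepted"));
    }
}
```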