Yes the frontend should provide the refreshed token, how does your angular
code works ? Have you seen the example here :
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/a...
?
On Thu, Dec 22, 2016 at 12:36 PM, java_os <java(a)neposoft.com> wrote:
I would think that the front end would block or re-new the token and
send
into the call a valid token to the bearer call.
I am passing the token extracted from the front-end into the header to the
bearer rest call. So does keycloak.js re-issuing a new valid token if the
existing one expired? Currently it does not since I am seeing
VerificationException on the bearer rest layer.
thoughts???
> Forgot to mention that the angular piece is under keycloak.js and so this
> may be able to expire the session before A or B 's token becomes
inactive?
> Overall am trying to see how others handle this , as I think this is a
> regular web/rest scenario that I am not the only one doing it.
> Hoping to get some help from whoever.
> Thanks
>
>> Hi
>> I have 2 bearer rest layers (A,B): A calls B. In front I have an angular
>> web layer calling A -> B.
>>
>> What is the best practices to handle "Token is not active" when user
>> sits
>> in front idle and token becomes inactive, http session still valid but
>> KC
>> token expired? If B reaches token not active, on the call from A to B -
>> how would I propagate this to the front layer?
>> A has to consume the ValidationException from B and notify front layer
>> to
>> auto logout or prompt the user with a message saying 'your session
>> expired, please login' or automatically throw the user into the login
>> prompt in front.
>>
>> For this scenario above, anyone share some thoughts?
>> Thanks
>>
>
>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user