I have implemented an org.keycloak.adapters.AdapterTokenStore, like the
existing ones, for example:
- org.keycloak.adapters.jetty.core.JettyCookieTokenStore (from keycloak-jetty-core 3.1.0.Final)
- org.keycloak.adapters.jetty.core.JettySessionTokenStore (from keycloak-jetty-core 3.1.0.Final)
The purpose is that these AdapterTokenStores refresh the current access
token with the refreshToken they have stored, and then update the
org.keycloak.adapters.RefreshableKeycloakSecurityContext (see
refreshExpiredToken() of this context) with a new token.
All of this is triggered thanks to the checkCurrentToken, called in
The trouble is that the current "Authorization" header of the Request
object is not updated with the new token.
Therefore, even if the security context has a new token, the current
request failed because of the old token that is still in the Authorization
header (the check is done in
BearerTokenRequestAuthenticator.authenticate(HttpFacade exchange)).
Any idea how to solve this issue? Does it mean the request must be done
twice even if the token is refreshed?
Otherwise, the alternative I see is to have a proxy that will be in charge
of refreshing the token by modifying the request header.