Hi All I am using the nodejs adapter keycloak.protect() to authenticate (using openid-connect) some of my http routes and have a problem that I hope someone out there can help with. app.post(‘/foobar’, keycloak.protect(), doStuff); The above works fine so long as the access token has not expired. But if its expired then I see it sending back a 302 to refresh the access token (with the redirect_uri=/foobar). Which is fine. I then see my browser doing a GET to keycloak to refresh the access token, that succeeds and I get back a 302 to the original /foobar route. But the 302 method is now a GET. Where as the original was a call was a POST. The will obviously fail as I have not defined a get operation for the route. What am I doing wrong here? Is there a way for me to tell keycloak that the redirect_uri is associated with a POST method? And what happens if the original call had a body? How is that handled? Any help would be much appreciated. Thanks! John ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com