You can use that in browser application with authorization_code too. That's not a problem.

For refresh_token you can't at this point. The offline token itself is special kind of refresh token (It's refresh token which never expires). So if you send refresh request with offline token, you will automatically receive new offline token. Otherwise if you send refresh request with "classic" refresh token, you will receive another classic refresh token. I suggest to look at documentation http://keycloak.github.io/docs/userguide/keycloak-server/html/timeouts.html#offline-access and try the example (referenced from documentation). The example is browser application and it uses authorization_code .

Marek

On 11/11/15 19:19, robinfernandes . wrote:

Hi All,

Just wanted a clarification regarding generation of offline tokens.

1. Can we use the grant_type = authorization_code or grant_type = refresh_token to get the offline tokens? Or is it only available for grant_type = password & grant_type = client_credentials?

2. Is there a way to give offline token to a particular user without using direct access grants?

Thanks,
Robin
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user