Re: [keycloak-user] Client setup recommandation

It's all controlled by the session and there are no way to get tokens that work for longer. Issuing offline tokens to a web application would be a really bad idea. If you want users to remain authenticated set the idle to a higher value. That's it. On 25 January 2017 at 15:09, David Delbecq <david_delbecq(a)trimble.com&gt; wrote: Hello, we have a javascript web application we are migrating to keycloak. I am not sue what are the recommandations on setting up configuration for that client with the following requirement: Once user triggers the "login" and gets keycloak authenticated, we should get a bearer token to use later on REST services. The user should not be requested again to login, unless he logs out. Even if he closes his browser. So we need a way to keep or replace token on a regular basis. Is there some keycloak REST service we can poll on a regular basis for this? Sometimes the user goes "off grid" (no network communication) for several hours. How can we ensure we still keep logged in? My first idea was to just increase the SSO timeout and token validity to 30 days. But it seems like a bad idea from my reading of keycloak documentation. So i tried to use an offline token instead, but it seems the implicit flow doesn't allow you to get an offline token. All token i get after login are marked as expiring within 15 minutes. What's the recommended way to get long lived refresh token, using implicit flow? -- <http://www.trimble.com/> David Delbecq Software engineer, Transport & Logistics Geldenaaksebaan 329, 1st floor | 3001 Leuven +32 16 391 121 <+32%2016%20391%20121> Direct david.delbecq(a)trimbletl.com <http://www.trimbletl.com/> _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user --