On Wed, 12 Apr 2017 at 19:16, Mariusz Chruscielewski - Info.nl <
mariusz(a)info.nl> wrote:
Hi. We are using offline refresh tokens in our app. I see strange
behaviour that I can't understand:
Keycloak version: 2.5.5
First we do login request:
http://keycloak/auth/realms/vi/protocol/openid-connect/token
using password grant type, credentials and scope=offline_access
Then we wanted to test what happens when the Keycloak server is restarted
(because of a deployment, an outage, whatever).
Next we do refresh call using refresh_token (offline token):
http://keycloak/auth/realms/vi/protocol/openid-connect/token
grant_type=refresh_token&client_id=vinl&refresh_token={offline_refresh_token}
We get a 200 response with an access_token in it.
When we try to use it to get user-details:
http://keycloak/auth/realms/vi/protocol/openid-connect/userinfo
using authorization header with access_token generated by using
refresh_token
Authorization: Bearer {Access_token}
we get a 400:
{
"error": "invalid_request",
"error_description": "User session not found"
}
Can you please tell me if I'm doing something wrong or if it is a Keycloak
bug?
After a restart of KC there are no active sessions, but I can see that the
offline tokens are still there (in the admin console).
Why does it return 400?
Thanks in advance
Mariusz Chruścielewski
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
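The three-step flow from the report (password grant with offline_access, refresh with the offline token, then userinfo), as an added reproducer that is not part of the thread. It assumes the realm "vi", client "vinl" and host name "keycloak" from the message, and takes the HTTP transport as a parameter so the same flow can be run against a real server with urllib or against a canned transport that mimics the reported 400.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Endpoints as quoted in the report (realm "vi"); host name "keycloak" is the reporter's.
TOKEN_URL = "http://keycloak/auth/realms/vi/protocol/openid-connect/token"
USERINFO_URL = "http://keycloak/auth/realms/vi/protocol/openid-connect/userinfo"

def urllib_transport(method, url, form=None, headers=None):
    """Real transport: returns (status, body); 4xx/5xx come back as values, not exceptions."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, headers=headers or {}, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

def token_request(transport, form):
    """POST a form to the token endpoint; returns (status, parsed JSON body)."""
    status, body = transport("POST", TOKEN_URL, form, None)
    return status, json.loads(body or "{}")

def login_offline(transport, client_id, username, password):
    # Step 1 of the report: password grant requesting scope=offline_access.
    return token_request(transport, {"grant_type": "password", "client_id": client_id,
                                     "username": username, "password": password,
                                     "scope": "offline_access"})

def userinfo(transport, access_token):
    # Step 3: present the (refreshed) access token to the userinfo endpoint.
    status, body = transport("GET", USERINFO_URL, None,
                             {"Authorization": "Bearer " + access_token})
    return status, json.loads(body or "{}")

def check_offline_flow(transport, client_id, refresh_token):
    """Steps 2 and 3: refresh with the offline token, then call userinfo.
    Returns 'ok', 'session-missing' (the reported 400), 'refresh-failed' or 'other',
    so a client can tell "re-login needed" apart from a transient server error."""
    status, tokens = token_request(transport, {"grant_type": "refresh_token",
                                               "client_id": client_id,
                                               "refresh_token": refresh_token})
    if status != 200 or "access_token" not in tokens:
        return "refresh-failed"
    status, info = userinfo(transport, tokens["access_token"])
    if status == 200:
        return "ok"
    if status == 400 and info.get("error_description") == "User session not found":
        return "session-missing"
    return "other"
```

Against a live server call `check_offline_flow(urllib_transport, "vinl", offline_token)` with a token obtained from `login_offline`; the distinct return values make the post-restart behaviour easy to assert on in a regression test.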