On 12/02/16 18:10, robinfernandes . wrote:
Hi Everyone,

So the scenario that I am trying to understand is as follows:

1. I get an offline token and I try to refresh my token pair (access, refresh) using this offline token.
2. Will I get a new offline token? Or will Keycloak see that you passed in an offline token so it will return the same offline token back?

In the tests that I performed, I saw it returning a new offline token each time. Is that a correct understanding?

Yes, it works this way. However, if you have some DAO on your application side, you don't need to save the new offline token every time. You can still use the old offline token for refreshing and it will work. There is no expiration on the offline token itself; there is just an expiration on the Keycloak server side, which is updated during each token refresh (in other words, as long as you refresh at least once every 30 days, you can use the same offline token for years).

The only exception to this is if you have the "Revoke refresh token" switch enabled for your realm. Then each offline token can be used just once, so you always need to use the newest offline token.

Marek

Is there any parameter I can pass to the token refresh call so that it gives me the same offline token back? 

Thanks,
Robin
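
Added example, not part of the original thread and not Keycloak code: a client-side store that always persists the newest offline token returned by a refresh, which stays correct whether or not "Revoke refresh token" is enabled. `OfflineTokenStore`, `refresh_access_token`, `post_form` and the constructed `FakeTokenEndpoint` are hypothetical names; the fake endpoint only models the behaviour described in the reply above.

```python
import json
import os
import tempfile


class OfflineTokenStore:
    """Keeps the single current offline token in a file (hypothetical helper)."""
    def __init__(self, path):
        self.path = path

    def load(self):
        with open(self.path) as f:
            return json.load(f)["refresh_token"]

    def save(self, token):
        # Write to a temp file (created 0600 by mkstemp), then rename atomically,
        # so a crash cannot leave a truncated file or lose the newest token.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(self.path)))
        with os.fdopen(fd, "w") as f:
            json.dump({"refresh_token": token}, f)
        os.replace(tmp, self.path)


def refresh_access_token(store, post_form, client_id):
    """post_form(params) -> dict stands for the caller's HTTPS POST to the realm's
    token endpoint; the form fields are the standard OAuth 2.0 refresh grant."""
    resp = post_form({"grant_type": "refresh_token",
                      "refresh_token": store.load(),
                      "client_id": client_id})
    if resp.get("refresh_token"):
        store.save(resp["refresh_token"])  # persist first: the old one may now be dead
    return resp["access_token"]


class FakeTokenEndpoint:
    """Constructed stand-in (not Keycloak code) modelling the behaviour in the thread."""
    def __init__(self, first_token, revoke_refresh_token):
        self.valid, self.revoke, self.n = {first_token}, revoke_refresh_token, 0

    def __call__(self, params):
        token = params["refresh_token"]
        if token not in self.valid:
            raise PermissionError("invalid_grant")
        if self.revoke:
            self.valid.discard(token)  # switch on: each offline token works once
        self.n += 1
        self.valid.add(f"offline-{self.n}")
        return {"access_token": f"access-{self.n}", "refresh_token": f"offline-{self.n}"}
```

Saving the returned token before using the access token matters most when the realm switch is on, because the token just sent can no longer be used for refreshing.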

