On 03/11/15 09:32, Thomas Raehalme
We support offline tokens for service accounts because there is no
reason (bad side effect) of not supporting it. Or at least I am not
aware of any. Are you? Adding this support came "for free".
One usecase when it can be useful is, for example if you have
offline token and you don't know how was this offline token
authenticated (if it was direct grant, service account or browser).
You can send the refresh token request with this token regardless of
the offline token type as the refreshToken endpoint is same for all
keycloak-user mailing list