Am I incorrectly using the refresh token here? In reading up on the flow, it seems like this should only be used periodically, like when the access_token expires.Here is an example using curl of what I've been doing to keep the last access time updated:Maybe this is overkill for most applications. Like I said, I'm new to both Keycloak and OpenID Connect. I've figured out how to do the authorization flow, request user info, and logout. And I think I've figured out how to update the session in such a manner that it does update the last access time. However, I'm not sure I'm doing it correctly...Hello all. I am new to both Keycloak and OpenID Connect. Keycloak looks like a fantastic project and thanks to all who've put in work on it.I love that Keycloak can be set up to save events (login/logout/etc...). I love that there is a way to administratively log out user sessions. All this is great. My question is, what is the proper procedure to update the session's "Last Access" if I want it to be updated on every page request by a user? In some cases I have strict application requirements where it's important to know exactly when the user last did something. So I can't just log them in and periodically do a refresh to keep the session going. I want to update the session every time the user does something (i.e., every page request or API request).
curl -s --data "grant_type=refresh_token&client_id=CLIENTID&client_ secret=CLIENTSECRET&refresh_ token=REFRESHTOKEN" "https://HOSTNAME:8443/auth/ realms/REALMNAME/protocol/ openid-connect/token A positive side effect of this is that on every single request I'm checking to ensure the session hasn't been administratively logged out.
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user