Re: [keycloak-user] Refresh token - should it expire?
Yes, clients and users have to have permissions to use offline tokens.
Further the client has to explicitly request offline tokens using a scope
query param.
On 13 October 2015 at 20:34, Scott Rossillo <srossillo(a)smartling.com> wrote:
Will the option to create an offline token be client specific? For
example, client A should follow realm-wide expirations but client B should
be able to issue offline refresh tokens.
Scott Rossillo
Smartling | Senior Software Engineer
srossillo(a)smartling.com
[image: Powered by Sigstr] <http://www.sigstr.com/>
On Aug 18, 2015, at 7:14 AM, Juraci Paixão Kröhling <juraci(a)kroehling.de>
wrote:
Sounds good, thanks!
- Juca.
On 08/18/2015 12:52 PM, Stian Thorgersen wrote:
We still aim to get this included in 1.5, which is scheduled for early
September. It may slip to 1.6 which is scheduled for early October.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
Attachments:
- attachment.html (text/html — 2.5 KB)