Re: [keycloak-user] Token refresh from Android native app

I’m currently using the browser to initially log in to my app. After the user credentials have been validated I intercept the url containing the code and use that on the resource /realms/myrealm/tokens/access/codes. To convert the code into a token. I am then able to use the embedded access token for subsequent API calls. This works fine until the access token expires. When the access token expires the service returns a 401. At present the only way I can get past this is to redirect the user back to the login page and start the above process again (creates another session). I would only expect to have to do this if the SSO idle timeout and been reached (it hasn’t). I’ve looked through the API docs and found the resource /realms/myrealm/token/refresh. I’ve tried using this resource but have failed miserably. Could someone please explain how to use this resource or point me somewhere else if I’ve got it completely wrong.

Example code below. private JWSToken refreshToken(String accessToken, String refreshToken) throws IOException, InvalidTokenException{ JWSToken token = null; String url = "http://127.0.0.1:8080/auth/realms/myrealm/tokens/refresh"; //String query = “refresh_token=“ + refreshToken; //String query = “refresh_token=“ + refreshToken + “client_id=" + CLIENT_ID"; String query = "refresh_token=" + refreshToken + "client_id=" + CLIENT_ID + "grant_type=refresh_token"; //Tried all the above HttpPost httppost = new HttpPost(url); httppost.addHeader(“Authorization”, “Bearer “ + accessToken); //401 with 400 without httppost.addHeader("Content-Type", "application/x-www-form-urlencoded"); ByteArrayEntity entity = new ByteArrayEntity(query.getBytes()); httppost.setEntity(entity); HttpResponse response = httpclient.execute(httppost); int status = response.getStatusLine().getStatusCode(); if (status == HttpStatus.SC_OK){ InputStream stream = null; try{ stream = response.getEntity().getContent(); ObjectMapper mapper = new ObjectMapper(); token = mapper.readValue(stream, JWSToken.class); }finally{ if (stream != null){ stream.close(); } } }else{ throw new InvalidTokenException(); } return token; } Causeway is committed towards reducing its carbon footprint. Please consider the environment before printing this email. Disclaimer Notice :- The message and any attachments contained in this e-mail are intended for the named recipient(s) only. It may contain privileged or confidential information or information which is exempt from disclosure under the applicable laws. If you are not the intended recipient(s), you must not read, print, retain, copy distribute, forward or take any or refrain from taking any action in reliance on it or any of its attachments. If you have received or have been forwarded this e-mail in error, please notify us immediately by return e-mail or telephone (+44 (0)1628 552000) and delete this message from the computer or any other data-reading device in its entirety. Please advise us immediately if you do not or your employer does not consent to Internet e-mail for messages of this nature. Internet communications cannot be guaranteed to be secure and error-free as the information could be intercepted, corrupted, lost, arrive late or contain viruses. The sender and this Company therefore do not and shall not accept any liability or responsibility of whatsoever nature in the context of this message and its attachment(s) which arises as a result of Internet transmission. Opinions, conclusion, representations, views and such other information in this message that do not relate to the official business of this Company shall be understood as neither given nor endorsed by it. Registered Office: Comino House, Furlong Road, Bourne End, Buckinghamshire, SL8 5AQ Registered in England No: 3921897 www.causeway.com _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user