access token used to securely invoke remote apps. refresh token to
refreesh the access token. You have to call the auth-server's refresh
endpoint though and provide client credentials (not user credentials).
AccessTokenResponse has info about when the access token will expire.
On 3/11/2015 4:45 PM, Emil Posmyk wrote:
Hi all
I did some research about refreshing the tokens and now I know how to do
this, but more important question is how should I use it. For example:
when we have an object AccessTokenResponse then we can use token
(String) or refresh token (this is used also for logout), first will be
active eg: 5 minuts, but refresh token will be active forever (there is
no expiration time if I understood correctly). But should I use refresh
token to authenticate application or maybe only token with expiration
should be used ?
Other case is that I have a method for getting a map with access token.
I used for that refresh token to get it. This access token now should be
used as a new token and it is right way ?
/
regards/
/--/
/Emil Posmyk
/
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com