Hello,
I guess you should use the refresh token. The more you send the credentials over the
network, the worse for security, as you increase the chances of somebody obtaining them.
Sent from my Sony Xperia™ phone
---- rafterjiang wrote ----
Hello,
I am using the Keycloak OpenID endpoint to retrieve an access token from the Keycloak
server using Direct Access Grant mode. I found that each time a NEW request is
made using the SAME user account/credential, Keycloak returns a *NEW* access
token. (So I can see the same user with multiple sessions.)
In this way, I am not sure if a refresh token is still needed, because we
can basically get a new token for each request and NOT care about the
expiration?
Is this expected? Is the same user supposed to have many access tokens? Are there
any potential issues with working this way?
Thanks,
R
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
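
As an added example (not part of the original thread and not Keycloak's own code): a minimal client-side token cache that follows the advice in the reply above, using the refresh token so that the password crosses the network only when no usable refresh token exists. The `post` transport, the client ID, the credentials and the fake endpoint in `demo()` are constructed assumptions; the form fields are those of the OAuth 2.0 `password` and `refresh_token` grants.

```python
import time

class TokenCache:
    """Caches tokens; sends the password only when no usable refresh token exists."""
    def __init__(self, post, client_id, get_credentials, clock=time.monotonic, skew=5):
        self.post = post                        # callable(form: dict) -> token response dict
        self.client_id = client_id
        self.get_credentials = get_credentials  # callable() -> (username, password)
        self.clock = clock
        self.skew = skew                        # safety margin (seconds) before expiry
        self.access = self.refresh = None
        self.access_exp = self.refresh_exp = 0.0

    def _store(self, resp):
        now = self.clock()
        self.access = resp["access_token"]
        self.access_exp = now + resp["expires_in"]
        self.refresh = resp.get("refresh_token")
        self.refresh_exp = now + resp.get("refresh_expires_in", 0)

    def token(self):
        now = self.clock() + self.skew
        if self.access and now < self.access_exp:
            return self.access                  # still valid: no network call at all
        if self.refresh and now < self.refresh_exp:
            form = {"grant_type": "refresh_token", "client_id": self.client_id,
                    "refresh_token": self.refresh}
        else:
            user, pw = self.get_credentials()   # the only path that sends the password
            form = {"grant_type": "password", "client_id": self.client_id,
                    "username": user, "password": pw}
        self._store(self.post(form))
        return self.access

def demo():
    """Constructed fake endpoint and clock; returns how often each grant was used."""
    t = [0.0]
    counts = {"password": 0, "refresh_token": 0}
    def fake_post(form):
        counts[form["grant_type"]] += 1
        n = sum(counts.values())
        return {"access_token": f"at{n}", "expires_in": 60,
                "refresh_token": f"rt{n}", "refresh_expires_in": 1800}
    cache = TokenCache(fake_post, "demo-client", lambda: ("alice", "constructed-pw"),
                       clock=lambda: t[0])
    for _ in range(10):                         # ten API calls, 30 seconds apart
        cache.token()
        t[0] += 30
    return counts
```

Over the ten simulated calls, `demo()` sends the password once and uses the refresh token for every later renewal, so only one session is opened for the user instead of one per request.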