On 11.12.2014 23:20, Kuznetsov, Mike wrote:
> Hello,
>
> We are in the process of securing our REST APIs using Keycloak. Please
> confirm our understanding of the following:
>
> We have a use case where our web client may SIMULTANEOUSLY send
> several REST API calls (r1, r2, r3…) to our server using the Access
> Token (at1) and Refresh Token (rt1).
>
> When r1 is being handled, assuming that at1 is expired, the server-side
> adapter will be taking care of getting new tokens (at2, rt2). Is it
> safe to assume that r2 and r3 will get hold of at2 and rt2? If so, is
> it valid to conclude that the adapter is maintaining state for the token?

Is your web client a servlet application secured by Keycloak?
Actually, it's the frontend application which handles refreshing of
tokens. You can take a look at our example, where the frontend application
is sending REST requests to the backend application:
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/c...
In this case, when the code is calling:

    session.getTokenString()

the adapter will automatically handle refreshing the token (it checks if
the token is expired and automatically refreshes it if it is). So later you can
use this accessToken to send parallel requests to your REST endpoints
and it should be OK to assume that accessToken is not expired.

Marek

> Thank You,
> Mikhail Kuznetsov
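
The scenario from this thread as an added example, not code from Keycloak or from either poster: three requests ask for a token at the same time while at1 is expired, and a lock around the expiry check makes them share one refresh. `TokenHolder`, its fields and the simulated `refresh()` are hypothetical stand-ins for the state an adapter keeps, and the token strings are constructed sample values.

```java
import java.util.List;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class SingleRefreshDemo {
    // Hypothetical stand-in for per-session token state; not a Keycloak class.
    static final class TokenHolder {
        private String accessToken = "at1";   // constructed sample values
        private String refreshToken = "rt1";
        private long expiresAtMillis = System.currentTimeMillis() - 5_000; // at1 already expired
        final AtomicInteger refreshCalls = new AtomicInteger();

        // synchronized: callers that arrive while a refresh is running wait for it
        // and then read the new pair instead of replaying the old refresh token.
        synchronized String getTokenString() {
            if (System.currentTimeMillis() >= expiresAtMillis) {
                refresh();
            }
            return accessToken;
        }

        // Simulated token endpoint call: trades rt1 for a new pair (at2, rt2).
        private void refresh() {
            refreshCalls.incrementAndGet();
            accessToken = "at2";
            refreshToken = "rt2";
            expiresAtMillis = System.currentTimeMillis() + 300_000;
        }
    }

    public static void main(String[] args) throws Exception {
        TokenHolder session = new TokenHolder();
        ExecutorService pool = Executors.newFixedThreadPool(3);
        try {
            // r1, r2 and r3 are submitted together; each asks the holder for a token.
            List<Callable<String>> requests = List.of(
                () -> "r1 -> Bearer " + session.getTokenString(),
                () -> "r2 -> Bearer " + session.getTokenString(),
                () -> "r3 -> Bearer " + session.getTokenString());
            for (Future<String> f : pool.invokeAll(requests)) {
                System.out.println(f.get());
            }
            System.out.println("refresh calls: " + session.refreshCalls.get());
        } finally {
            pool.shutdown();
        }
    }
}
```

With these constructed values, all three requests carry at2 and the simulated endpoint is called once, whichever thread reaches the lock first.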