Hi there,
i have a setup where i use a node js application and Keycloak-connect
NPM module in order to align it with keycloak single-sign on flow.
Everything is working fine except of one thing.
When my refresh token is expired and i am trying to access a resource in
application that is protected by keycloak.protect() i am getting a
redirect to keycloak page (a flow that i find it correct ) and my user
is automatically getting re-logged in without posting any credentials.
i don;t know if that behavior is right.
My Keycloak Realm-Settings on Token tab are:
Revoke Refresh Token --> Off
SSO Session idle --> 2 minutes
SSO Session Max --> 4 minutes
Access Token Lifespan --> 1 minute
I also noticed this type of behavior on the nodejs-example that keycloak
connect provides so i believe that there isn't something wrong with my
application.
Also i put some logs inside keycloak-middleware to make sure that the
refresh Token is expired by going to the relative function and made sure
that the refresh is expired.
In addition this is happening of course when the 2 minutes are past and
i am trying to do a request to the Refresh token is definetly getting
expired there but still Keycloak seems to getting me logged in again and
NOT redirecting me to the Login page.
Thanks in Advance for the help,
Konstantinos
Show replies by date