Web UI: Refresh to /login when Keycloak token expires ----------------------------------------------------- Key: ARTIF-748 URL: https://issues.jboss.org/browse/ARTIF-748 Project: Artificer Issue Type: Task Reporter: Brett Meyer Assignee: Brett Meyer If the token expires, the server spits out: {code} 14:25:07,534 WARN [org.keycloak.events] (default task-36) type=REFRESH_TOKEN_ERROR, realmId=0c4049da-2746-468e-ab6d-49e51dd1f133, clientId=artificer-ui, userId=null, ipAddress=127.0.0.1, error=invalid_token 14:25:07,560 ERROR [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-37) Refresh token failure status: 400 {"error_description":"Refresh token expired","error":"invalid_grant"} {code} The next time the browser makes a call to the UI services, Errai reports an uncaught GWT exception. That call *must* be protected by Keycloak, in order for our Filter to pick up the KeycloakSecurityContext and create the bearer token. However, the GWT exception shows that the Keycloak *login page* is being served on the call, so Errai's JSON marshaller barfs on the HTML. APIMan (Angular UI) checks for a 401 response code and automatically refreshes the browser to combat this. However, I'm not sure if that's possible in this case. Our use of Errai's "Caller" pattern isn't kicking in for these errors (completely sidesteps the ErrorHandler), I'm guessing due to it being a lower level issue with the GWT marshaller. Idea: Have a pure Javascript loop "ping" the UI services and check the response.